Vendor
The Goobi viewer REST endpoint accepted an arbitrary Solr streaming expression from unauthenticated network clients, enabling attackers to read, modify, or delete the complete Solr index; this was resolved by removing the affected API endpoint.