Lucene search
+L

305 matches found

Vulnrichment
Vulnrichment
added 2025/02/13 3:44 p.m.8 views

CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...

8.8CVSS7.2AI score0.00559EPSS
Exploits0References1
CVE
CVE
added 2025/02/13 3:44 p.m.89 views

CVE-2025-26511

CVE-2025-26511 affects the Instaclustr fork of Stratio’s Cassandra-Lucene-Index plugin when installed into Apache Cassandra 4.x. The vulnerability allows authenticated Cassandra users to bypass RBAC and escalate privileges due to a flaw in the plugin’s access control. Affected plugin versions are...

8.8CVSS8.9AI score0.00559EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/13 3:44 p.m.38 views

CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...

8.8CVSS0.00559EPSS
Exploits0References1
OSV
OSV
added 2025/02/13 3:44 p.m.7 views

CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...

8.8CVSS6AI score0.00559EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.14 views

cassandra-lucene-index 安全漏洞

cassandra-lucene-index is a Lucene-based secondary index for Cassandra open-sourced by NetApp Instaclustr. A security vulnerability exists in cassandra-lucene-index. An authenticated attacker could remotely bypass RBAC and elevate its privileges by exploiting this vulnerability...

8.8CVSS6.5AI score0.00559EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.23 views

The vulnerability of the Lucene.Net.Replicator replication utility for the .NET platform’s full-text search library allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the Lucene.Net.Replicator replication utility for.NET platform’s full-text search library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain unauthorized access to protected...

8CVSS6AI score0.01234EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/11/01 12:7 a.m.10 views

OSV-2024-1254 Security exception in org.apache.lucene.util.ArrayUtil.growExact

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376504918 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.growExact org.apache.lucene.util.ArrayUtil.grow org.apache.lucene.util.BytesRefBuilder.grow...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.5 views

PT-2024-40621 · Apache · Apache Lucene

Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the org.apache.lucene.util.ArrayUtil.growExact function, which is called by...

7AI score
Exploits0References2
Snyk
Snyk
added 2024/10/31 10:41 a.m.8 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data allowing an attacker to execute arbitrary code or gain unauthorized access by intercepting traffic between a replication client and server or controlling the target replication node URL. Details...

8.6CVSS7.9AI score0.01234EPSS
Exploits0References2
CVE
CVE
added 2024/10/31 9:57 a.m.94 views

CVE-2024-43383

The CVE-2024-43383 entry describes a Deserialization of Untrusted Data vulnerability in Apache Lucene.NET’s Replicator library. Affected versions are 4.8.0-beta00005 through 4.8.0-beta00016; an attacker who can intercept replication traffic or control the target replication node URL can craft a J...

8.1CVSS8.1AI score0.01234EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/10/31 9:57 a.m.14 views

CVE-2024-43383 Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replicati...

8CVSS7.8AI score0.01234EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.8 views

Apache Lucene 安全漏洞

Apache Lucene is a free open source search engine software library from the Apache Foundation. A security vulnerability exists in Apache Lucene versions 4.8.0-beta00005 through 4.8.0-beta00016, which stems from the presence of an untrustworthy data deserialization vulnerability that could lead to...

8.1CVSS7.7AI score0.01234EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 10:20 a.m.15 views

Security Bulletin: Apache Lucene denial of service Vulnerability Affects IBM Jazz Reporting Service

Summary There is a vulnerability in Apache Lucene used by IBM Jazz Reporting Service. This vulnerability has been addressed. 216835 Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remot...

6.8AI score
Exploits0Affected Software1
CNVD
CNVD
added 2024/10/17 12:0 a.m.12 views

Apache Lucene Deserialization Vulnerability

Apache Lucene is the United States Apache Apache Foundation, a free open source search engine software library. Apache Lucene suffers from a deserialization vulnerability that arises from unsafe deserialization of serialized data received by an application from a user, which can be exploited by a...

8CVSS7.2AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2024/10/09 12:4 a.m.8 views

OSV-2024-1191 Security exception in org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371931330 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.6 views

PT-2024-40597 · Apache · Apache Lucene

Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception occurs in the ASCIIFoldingFilter class, specifically in the foldToASCII and incrementToken methods. This issue is related to a crash type of security exception...

6.9AI score
Exploits0References2
Veracode
Veracode
added 2024/10/01 9:55 a.m.11 views

Deserialization

org.apache.lucene,lucene-replicator is vulnerable to Deserialization. The vulnerability is due to improper validation of serialized input in the org.apache.lucene.replicator.http package, allows attackers to exploit the deserialization process by sending malicious data...

8CVSS6.6AI score0.00582EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/30 9:30 a.m.27 views

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...

8CVSS6.1AI score0.00582EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/09/30 9:30 a.m.22 views

GHSA-G643-XQ6W-R67C Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...

5.1CVSS6.3AI score0.00582EPSS
Exploits0References4
NVD
NVD
added 2024/09/30 9:15 a.m.64 views

CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

8CVSS0.00582EPSS
Exploits0References2
Rows per page
Query Builder