305 matches found
CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC
Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...
CVE-2025-26511
CVE-2025-26511 affects the Instaclustr fork of Stratio’s Cassandra-Lucene-Index plugin when installed into Apache Cassandra 4.x. The vulnerability allows authenticated Cassandra users to bypass RBAC and escalate privileges due to a flaw in the plugin’s access control. Affected plugin versions are...
CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC
Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...
CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC
Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...
cassandra-lucene-index 安全漏洞
cassandra-lucene-index is a Lucene-based secondary index for Cassandra open-sourced by NetApp Instaclustr. A security vulnerability exists in cassandra-lucene-index. An authenticated attacker could remotely bypass RBAC and elevate its privileges by exploiting this vulnerability...
The vulnerability of the Lucene.Net.Replicator replication utility for the .NET platform’s full-text search library allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the Lucene.Net.Replicator replication utility for.NET platform’s full-text search library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain unauthorized access to protected...
OSV-2024-1254 Security exception in org.apache.lucene.util.ArrayUtil.growExact
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376504918 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.growExact org.apache.lucene.util.ArrayUtil.grow org.apache.lucene.util.BytesRefBuilder.grow...
PT-2024-40621 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the org.apache.lucene.util.ArrayUtil.growExact function, which is called by...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data allowing an attacker to execute arbitrary code or gain unauthorized access by intercepting traffic between a replication client and server or controlling the target replication node URL. Details...
CVE-2024-43383
The CVE-2024-43383 entry describes a Deserialization of Untrusted Data vulnerability in Apache Lucene.NET’s Replicator library. Affected versions are 4.8.0-beta00005 through 4.8.0-beta00016; an attacker who can intercept replication traffic or control the target replication node URL can craft a J...
CVE-2024-43383 Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replicati...
Apache Lucene 安全漏洞
Apache Lucene is a free open source search engine software library from the Apache Foundation. A security vulnerability exists in Apache Lucene versions 4.8.0-beta00005 through 4.8.0-beta00016, which stems from the presence of an untrustworthy data deserialization vulnerability that could lead to...
Security Bulletin: Apache Lucene denial of service Vulnerability Affects IBM Jazz Reporting Service
Summary There is a vulnerability in Apache Lucene used by IBM Jazz Reporting Service. This vulnerability has been addressed. 216835 Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remot...
Apache Lucene Deserialization Vulnerability
Apache Lucene is the United States Apache Apache Foundation, a free open source search engine software library. Apache Lucene suffers from a deserialization vulnerability that arises from unsafe deserialization of serialized data received by an application from a user, which can be exploited by a...
OSV-2024-1191 Security exception in org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371931330 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII...
PT-2024-40597 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception occurs in the ASCIIFoldingFilter class, specifically in the foldToASCII and incrementToken methods. This issue is related to a crash type of security exception...
Deserialization
org.apache.lucene,lucene-replicator is vulnerable to Deserialization. The vulnerability is due to improper validation of serialized input in the org.apache.lucene.replicator.http package, allows attackers to exploit the deserialization process by sending malicious data...
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...
GHSA-G643-XQ6W-R67C Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...
CVE-2024-45772
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...