84 matches found
OSV-2026-356 Security exception in org.apache.lucene.util.ArrayUtil.copyOfSubArray
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=489370855 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.copyOfSubArray org.apache.lucene.util.BytesRef.deepCopyOf org.apache.lucene.index.Term...
Security Bulletin: Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability
Summary Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS/Enterprise Content Management Text Search ECMTS. CSS/ECMTS is affected and is potentially vulnerable. Vulnerability Details Refer to the security bulletins list...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to Apache Lucene
Summary IBM webMethods BPM uses Apache Lucene in designer-process-feature and metadata-core-feature for text processing and filtering purposes. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression...
EUVD-2024-31363
Malicious code in bioql PyPI...
EUVD-2024-2793
Malicious code in bioql PyPI...
PT-2025-25487 · Git +1 · Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: The software experiences a security exception during the cloning process within the org.apache.lucene.util.AttributeImpl and org.apache.lucene.util.AttributeSource$State classes. The...
CVE-2024-45772
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
OSV-2025-348 Security exception in org.apache.lucene.analysis.miscellaneous.ConcatenateGraphFilter$BytesRefBuilderT
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=416302801 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ConcatenateGraphFilter$BytesRefBuilderT org.apache.lucene.analysis.miscellaneous.ConcatenateGraphFilter$BytesRefBuilderT...
OSV-2025-253 Security exception in org.apache.lucene.analysis.ckb.SoraniNormalizer.normalize
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=407477665 Crash type: Security exception Crash state: org.apache.lucene.analysis.ckb.SoraniNormalizer.normalize org.apache.lucene.analysis.ckb.SoraniNormalizationFilter.incrementToken...
OSV-2025-207 Security exception in org.apache.lucene.analysis.tokenattributes.CharTermAttributeImpl.clone
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=403330010 Crash type: Security exception Crash state: org.apache.lucene.analysis.tokenattributes.CharTermAttributeImpl.clone org.apache.lucene.analysis.tokenattributes.PackedTokenAttributeImpl.clone...
Security Bulletin: Vulnerability in Apache Lucene affects watsonx.data
Summary Apache Lucene is vulnerable to a denial of service attack and could affect watsonx.data. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this...
OSV-2024-1254 Security exception in org.apache.lucene.util.ArrayUtil.growExact
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376504918 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.growExact org.apache.lucene.util.ArrayUtil.grow org.apache.lucene.util.BytesRefBuilder.grow...
PT-2024-40621 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the org.apache.lucene.util.ArrayUtil.growExact function, which is called by...
CVE-2024-43383
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replicati...
CVE-2024-43383
The CVE-2024-43383 entry describes a Deserialization of Untrusted Data vulnerability in Apache Lucene.NET’s Replicator library. Affected versions are 4.8.0-beta00005 through 4.8.0-beta00016; an attacker who can intercept replication traffic or control the target replication node URL can craft a J...
Apache Lucene Security Vulnerability
Apache Lucene is a free open source search engine software library from the Apache Foundation. A security vulnerability exists in Apache Lucene versions 4.8.0-beta00005 through 4.8.0-beta00016, stemming from deserialization of untrusted data, which could lead to...
Security Bulletin: Apache Lucene denial of service Vulnerability Affects IBM Jazz Reporting Service
Summary There is a vulnerability in Apache Lucene used by IBM Jazz Reporting Service. This vulnerability has been addressed. 216835 Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remot...
Apache Lucene Deserialization Vulnerability
Apache Lucene is a free open source search engine software library from the Apache Foundation in the United States. Apache Lucene suffers from a deserialization vulnerability that arises from unsafe deserialization of serialized data received by an application from a user, which can be exploited by a...
OSV-2024-1191 Security exception in org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371931330 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII...
Deserialization
org.apache.lucene,lucene-replicator is vulnerable to Deserialization. The vulnerability is due to improper validation of serialized input in the org.apache.lucene.replicator.http package, which allows attackers to exploit the deserialization process by sending malicious data...