Lucene search
K

85 matches found

Veracode
Veracode
added 2024/10/01 9:55 a.m.11 views

Deserialization

org.apache.lucene,lucene-replicator is vulnerable to Deserialization. The vulnerability is due to improper validation of serialized input in the org.apache.lucene.replicator.http package, allows attackers to exploit the deserialization process by sending malicious data...

8CVSS6.6AI score0.00582EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/09/30 9:30 a.m.22 views

GHSA-G643-XQ6W-R67C Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...

5.1CVSS6.3AI score0.00582EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/09/30 9:30 a.m.26 views

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...

8CVSS6.1AI score0.00582EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/09/30 9:15 a.m.63 views

CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

8CVSS0.00582EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/30 8:51 a.m.20 views

CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

5.1CVSS6.4AI score0.00582EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/30 8:51 a.m.55 views

CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

5.1CVSS0.00582EPSS
Exploits0References1
CVE
CVE
added 2024/09/30 8:51 a.m.95 views

CVE-2024-45772

CVE-2024-45772 (Apache Lucene Replicator) : A deserialization of untrusted data vulnerability affects Lucene Replicator in versions 4.4.0 through before 9.12.0; the deprecated org.apache.lucene.replicator.http package is affected, while org.apache.lucene.replicator.nrt is not. The issue can be tr...

8CVSS5.6AI score0.00582EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/09/30 12:0 a.m.3 views

Apache Lucene 代码问题漏洞

Apache Lucene is the United States Apache Apache Foundation, a free open source search engine software library. Apache Lucene suffers from a deserialization vulnerability that arises from unsafe deserialization of serialized data received by an application from a user, which can be exploited by a...

8CVSS7.5AI score0.00582EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.3 views

PT-2024-31762 · Apache · Apache Lucene

Name of the Vulnerable Software and Affected Versions: Apache Lucene versions 4.4.0 through 9.11.0 Description: The issue is related to the deserialization of untrusted data in the Apache Lucene Replicator. It affects the deprecated org.apache.lucene.replicator.http package, but not the...

8CVSS8.1AI score0.00582EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 2:2 p.m.65 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details CVEID:CVE-2018-1000134 DESCRIPTION: Ping Identity UnboundID LDAP SDK could allow a remote attacker to...

9.8CVSS9.2AI score0.91896EPSS
Exploits17Affected Software1
CNVD
CNVD
added 2024/05/16 12:0 a.m.6 views

Siemens Polarion ALM Improper Access Control Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release. Siemens Polarion ALM suffers from an Improper Access Control vulnerability due to a lack of proper access contr...

6.5CVSS6.7AI score0.00423EPSS
Exploits0References1
NVD
NVD
added 2024/05/14 4:17 p.m.22 views

CVE-2024-33647

A vulnerability has been identified in Polarion ALM All versions V2404.0. The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...

6.5CVSS6.2AI score0.00423EPSS
Exploits0References1
CVE
CVE
added 2024/05/14 10:3 a.m.58 views

CVE-2024-33647

CVE-2024-33647 affects Polarion ALM: all versions before V2404.0. The Apache Lucene–based query engine lacks proper access controls, potentially allowing an authenticated user to query items beyond their allowed projects. Public details in connected sources confirm the vulnerability class as impr...

6.5CVSS6.3AI score0.00423EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/14 10:3 a.m.15 views

CVE-2024-33647

A vulnerability has been identified in Polarion ALM All versions V2404.0. The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...

6.5CVSS6.5AI score0.00423EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/14 10:3 a.m.21 views

CVE-2024-33647

A vulnerability has been identified in Polarion ALM All versions V2404.0. The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...

6.5CVSS6.4AI score0.00423EPSS
Exploits0References1
OSV
OSV
added 2024/04/30 12:14 a.m.4 views

OSV-2024-391 Security exception in org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68324 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.3 views

PT-2024-40747 · Apache · Apache Lucene

Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception occurs in the ASCIIFoldingFilter class, specifically in the foldToASCII and incrementToken methods. This issue is related to a crash type of security exception...

6.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.16 views

Fedora: Security Advisory for lucene (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.21 views

[SECURITY] Fedora 40 Update: lucene-9.9.2-2.fc40

Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform...

8.8CVSS6.9AI score0.02578EPSS
Exploits3
OSV
OSV
added 2023/11/14 1:0 p.m.7 views

OSV-2023-1157 Security exception in org.apache.lucene.util.ArrayUtil.growExact

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64141 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.growExact org.apache.lucene.util.ArrayUtil.grow org.apache.lucene.util.BytesRefBuilder.grow...

7.1AI score
Exploits0References1
Rows per page
Query Builder