85 matches found
Deserialization
org.apache.lucene,lucene-replicator is vulnerable to Deserialization. The vulnerability is due to improper validation of serialized input in the org.apache.lucene.replicator.http package, allows attackers to exploit the deserialization process by sending malicious data...
GHSA-G643-XQ6W-R67C Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The...
CVE-2024-45772
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...
CVE-2024-45772
CVE-2024-45772 (Apache Lucene Replicator) : A deserialization of untrusted data vulnerability affects Lucene Replicator in versions 4.4.0 through before 9.12.0; the deprecated org.apache.lucene.replicator.http package is affected, while org.apache.lucene.replicator.nrt is not. The issue can be tr...
Apache Lucene 代码问题漏洞
Apache Lucene is the United States Apache Apache Foundation, a free open source search engine software library. Apache Lucene suffers from a deserialization vulnerability that arises from unsafe deserialization of serialized data received by an application from a user, which can be exploited by a...
PT-2024-31762 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene versions 4.4.0 through 9.11.0 Description: The issue is related to the deserialization of untrusted data in the Apache Lucene Replicator. It affects the deprecated org.apache.lucene.replicator.http package, but not the...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details CVEID:CVE-2018-1000134 DESCRIPTION: Ping Identity UnboundID LDAP SDK could allow a remote attacker to...
Siemens Polarion ALM Improper Access Control Vulnerability
Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release. Siemens Polarion ALM suffers from an Improper Access Control vulnerability due to a lack of proper access contr...
CVE-2024-33647
A vulnerability has been identified in Polarion ALM All versions V2404.0. The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...
CVE-2024-33647
CVE-2024-33647 affects Polarion ALM: all versions before V2404.0. The Apache Lucene–based query engine lacks proper access controls, potentially allowing an authenticated user to query items beyond their allowed projects. Public details in connected sources confirm the vulnerability class as impr...
CVE-2024-33647
A vulnerability has been identified in Polarion ALM All versions V2404.0. The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...
CVE-2024-33647
A vulnerability has been identified in Polarion ALM All versions V2404.0. The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects...
OSV-2024-391 Security exception in org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68324 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII...
PT-2024-40747 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception occurs in the ASCIIFoldingFilter class, specifically in the foldToASCII and incrementToken methods. This issue is related to a crash type of security exception...
Fedora: Security Advisory for lucene (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: lucene-9.9.2-2.fc40
Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform...
OSV-2023-1157 Security exception in org.apache.lucene.util.ArrayUtil.growExact
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64141 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.growExact org.apache.lucene.util.ArrayUtil.grow org.apache.lucene.util.BytesRefBuilder.grow...