3 matches found
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the PatternParser process. An attacker can access sensitive files or interact with internal systems by submitting crafted XML data that triggers external entity resolution. Details XXE Injection is ...
OSV-2025-1064 Security exception in org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476224468 Crash type: Security exception Crash state: org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII org.apache.lucene.analysis.miscellaneous.ASCIIFoldingFilter.foldToASCII...
PT-2025-21906 · Git +1 · Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: The software is susceptible to a security exception during the cloning of an AttributeSource$State object within the ConcatenateGraphFilter$BytesRefBuilderT class. The issue occurs wh...