Lucene search

Insecure Deserialization

🗓️ 13 Nov 2024 10:43:54Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 6 Views

Apache Lucene.Net.Replicator vulnerable to insecure deserialization via untrusted data interception.

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2024-43383 Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator	31 Oct 202409:57	–	cvelist
NVD	CVE-2024-43383	31 Oct 202410:15	–	nvd
OSV	Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability	31 Oct 202412:30	–	osv
Vulnrichment	CVE-2024-43383 Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator	31 Oct 202409:57	–	vulnrichment
Github Security Blog	Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability	31 Oct 202412:30	–	github
CVE	CVE-2024-43383	31 Oct 202410:15	–	cve

Vulners

Node

veracode lucene.net.replicatorRange4.8.0-beta00016–4.8.0-beta00016

Source	Link
lists	www.lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh
github	www.github.com/apache/lucenenet/commit/1f61dd0fdb465e17141a79d22eb2f2bc02059acc
github	www.github.com/advisories/GHSA-2qw8-ppr5-m96c
openwall	www.openwall.com/lists/oss-security/2024/10/31/2

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Nov 2024 10:54Current

6.7Medium risk

Vulners AI Score6.7

CVSS38

SSVC