CVE-2024-43383

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-43383
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43383.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-43383
Aliases
Published
2024-10-31T10:15:04Z
Modified
2025-02-19T03:38:19.942163Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.

This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.

An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.

Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.

References

Affected packages

Git / github.com/apache/lucenenet

Affected ranges

Type
GIT
Repo
https://github.com/apache/lucenenet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2180ebf3c5b14bed30f37aad65bda65471b6640f
Last affected
27550243e507a19f44dee618abe3cc43fd3cbbf3
Last affected
2f67981c43b18fde17ff184bf1e909db12483671
Last affected
65949674fed11b94158bb2132b1468b3c7d3fb10
Last affected
74416777808ec50351a1c49920fe4d4fd7b4b795
Last affected
8cf15f7fd0bb7b22bb2e865895998583d049ab92
Last affected
bed207a81acb7d100a5545dc28eeeb66d35e06ba
Last affected
ca61899ac5424b8db0aa9e1c49d2a920f8d14ee2
Last affected
cffc8ddd668841eaf82cf759f976ba90aa233002
Last affected
e3afc987f8673b0e69ad1a1c5f67051ad2097994
Last affected
fc2da940da3ca32c2fe6ae9caf69f36b69f3de7f
Last affected
ffbe9c3f90297dfbae11c8a3b1dad475821f46b3

Affected versions

Lucene.*

Lucene.Net_4_8_0_beta00001
Lucene.Net_4_8_0_beta00002
Lucene.Net_4_8_0_beta00003
Lucene.Net_4_8_0_beta00004
Lucene.Net_4_8_0_beta00005
Lucene.Net_4_8_0_beta00006
Lucene.Net_4_8_0_beta00007
Lucene.Net_4_8_0_beta00008
Lucene.Net_4_8_0_beta00009
Lucene.Net_4_8_0_beta00010
Lucene.Net_4_8_0_beta00011
Lucene.Net_4_8_0_beta00012
Lucene.Net_4_8_0_beta00013
Lucene.Net_4_8_0_beta00014