CVE-2024-43383
CVSS V2 None
CVSS V3 None
Description
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.
This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.
An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.
Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.
Overview
- CVE ID
- CVE-2024-43383
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-31T09:57:29.062Z
- Last Modified Date
- 2024-10-31T13:52:47.181Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-43383 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43383 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-01 13:23:52 | Added to TrackCVE |