
31/10/2024

31/10/2024

31/10/2024

11/2/2025
CVE-2024-43383: Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
First published: Thu Oct 31 2024(Updated: )
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.
This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.
An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.
Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|
nuget/Lucene.Net.Replicator | >=4.8.0-beta00005<4.8.0-beta00017 | 4.8.0-beta00017 |
Apache Lucene | =4.8.0-beta00005 | |
Apache Lucene | =4.8.0-beta00006 | |
Apache Lucene | =4.8.0-beta00007 | |
Apache Lucene | =4.8.0-beta00008 | |
Apache Lucene | =4.8.0-beta00009 | |
Apache Lucene | =4.8.0-beta00010 | |
Apache Lucene | =4.8.0-beta00011 | |
Apache Lucene | =4.8.0-beta00012 | |
Apache Lucene | =4.8.0-beta00013 | |
Apache Lucene | =4.8.0-beta00014 | |
Apache Lucene | =4.8.0-beta00015 | |
Apache Lucene | =4.8.0-beta00016 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-43383?
CVE-2024-43383 has been classified as a security vulnerability due to the deserialization of untrusted data.
Which versions of Apache Lucene.Net are affected by CVE-2024-43383?
CVE-2024-43383 affects Apache Lucene.Net versions 4.8.0-beta00005 through 4.8.0-beta00016.
How do I fix CVE-2024-43383?
To mitigate CVE-2024-43383, upgrade to Apache Lucene.Net version 4.8.0-beta00017 or later.
What type of vulnerability is CVE-2024-43383?
CVE-2024-43383 is categorized as a deserialization of untrusted data vulnerability.
What can happen if CVE-2024-43383 is exploited?
Exploitation of CVE-2024-43383 could allow an attacker to execute arbitrary code or manipulate data between a replication client and server.
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-43383
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/type
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-2qw8-ppr5-m96c
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/severity
- agent/tags
- agent/softwarecombine
- agent/event
- collector/github-advisory
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/nuget
- vendor/apache
- canonical/apache lucene
- version/apache lucene/4.8.0-beta00005
- version/apache lucene/4.8.0-beta00006
- version/apache lucene/4.8.0-beta00007
- version/apache lucene/4.8.0-beta00008
- version/apache lucene/4.8.0-beta00009
- version/apache lucene/4.8.0-beta00010
- version/apache lucene/4.8.0-beta00011
- version/apache lucene/4.8.0-beta00012
- version/apache lucene/4.8.0-beta00013
- version/apache lucene/4.8.0-beta00014
- version/apache lucene/4.8.0-beta00015
- version/apache lucene/4.8.0-beta00016
Contact
SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.coBy using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203