8.1
CWE
502
Advisory Published
CVE Published
Advisory Published
Updated

CVE-2024-43383: Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator

First published: Thu Oct 31 2024(Updated: )

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.

Credit: security@apache.org security@apache.org

Affected SoftwareAffected VersionHow to fix
nuget/Lucene.Net.Replicator>=4.8.0-beta00005<4.8.0-beta00017
4.8.0-beta00017
Apache Lucene=4.8.0-beta00005
Apache Lucene=4.8.0-beta00006
Apache Lucene=4.8.0-beta00007
Apache Lucene=4.8.0-beta00008
Apache Lucene=4.8.0-beta00009
Apache Lucene=4.8.0-beta00010
Apache Lucene=4.8.0-beta00011
Apache Lucene=4.8.0-beta00012
Apache Lucene=4.8.0-beta00013
Apache Lucene=4.8.0-beta00014
Apache Lucene=4.8.0-beta00015
Apache Lucene=4.8.0-beta00016

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2024-43383?

    CVE-2024-43383 has been classified as a security vulnerability due to the deserialization of untrusted data.

  • Which versions of Apache Lucene.Net are affected by CVE-2024-43383?

    CVE-2024-43383 affects Apache Lucene.Net versions 4.8.0-beta00005 through 4.8.0-beta00016.

  • How do I fix CVE-2024-43383?

    To mitigate CVE-2024-43383, upgrade to Apache Lucene.Net version 4.8.0-beta00017 or later.

  • What type of vulnerability is CVE-2024-43383?

    CVE-2024-43383 is categorized as a deserialization of untrusted data vulnerability.

  • What can happen if CVE-2024-43383 is exploited?

    Exploitation of CVE-2024-43383 could allow an attacker to execute arbitrary code or manipulate data between a replication client and server.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203