Vulnerability-Lookup

CVE-2024-43383 (GCVE-0-2024-43383)

Vulnerability from cvelistv5 – Published: 2024-10-31 09:57 – Updated: 2024-10-31 13:52

Title

Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator

Summary

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/wlz1p76dxpt4rl9o2…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Lucene.Net.Replicator	Affected: 4.8.0-beta00005 , ≤ 4.8.0-beta00016 (semver)

Credits

Summ3r, Vidar-Team Apache Lucene

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-31T10:03:23.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/10/31/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lucene",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "4.8.0-beta00016",
                "status": "affected",
                "version": "4.8.0-beta00005",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43383",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-31T13:51:04.181402Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:52:47.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.nuget.org/packages/Lucene.Net.Replicator/4.8.0-beta00016",
          "defaultStatus": "unaffected",
          "packageName": "Lucene.Net.Replicator",
          "product": "Apache Lucene.Net.Replicator",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "4.8.0-beta00016",
              "status": "affected",
              "version": "4.8.0-beta00005",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Summ3r, Vidar-Team"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Apache Lucene"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDeserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Lucene.NET\u0027s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.\u003c/p\u003e\u003cp\u003eAn attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.\n\nThis issue affects Apache Lucene.NET\u0027s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.\n\nAn attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.\n\n\nUsers are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-31T09:57:29.062Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-43383",
    "datePublished": "2024-10-31T09:57:29.062Z",
    "dateReserved": "2024-08-10T16:38:34.946Z",
    "dateUpdated": "2024-10-31T13:52:47.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.\\n\\nThis issue affects Apache Lucene.NET\u0027s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.\\n\\nAn attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.\\n\\n\\nUsers are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.\"}, {\"lang\": \"es\", \"value\": \" Vulnerabilidad de deserializaci\\u00f3n de datos no confiables en Apache Lucene.Net.Replicator. Este problema afecta a la librer\\u00eda Replicator de Apache Lucene.NET: desde la versi\\u00f3n 4.8.0-beta00005 hasta la 4.8.0-beta00016. Un atacante que pueda interceptar el tr\\u00e1fico entre un cliente y un servidor de replicaci\\u00f3n, o controlar la URL del nodo de replicaci\\u00f3n de destino, puede proporcionar una respuesta JSON especialmente manipulada que se deserializa como un tipo de excepci\\u00f3n proporcionado por el atacante. Esto puede provocar la ejecuci\\u00f3n remota de c\\u00f3digo u otro posible acceso no autorizado. Se recomienda a los usuarios que actualicen a la versi\\u00f3n 4.8.0-beta00017, que soluciona el problema.\"}]",
      "id": "CVE-2024-43383",
      "lastModified": "2024-11-21T09:35:24.427",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.9}]}",
      "published": "2024-10-31T10:15:04.293",
      "references": "[{\"url\": \"https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/31/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-43383\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-10-31T10:15:04.293\",\"lastModified\":\"2025-02-11T16:13:52.167\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.\\n\\nThis issue affects Apache Lucene.NET\u0027s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.\\n\\nAn attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.\\n\\n\\nUsers are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\" Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache Lucene.Net.Replicator. Este problema afecta a la librer\u00eda Replicator de Apache Lucene.NET: desde la versi\u00f3n 4.8.0-beta00005 hasta la 4.8.0-beta00016. Un atacante que pueda interceptar el tr\u00e1fico entre un cliente y un servidor de replicaci\u00f3n, o controlar la URL del nodo de replicaci\u00f3n de destino, puede proporcionar una respuesta JSON especialmente manipulada que se deserializa como un tipo de excepci\u00f3n proporcionado por el atacante. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo u otro posible acceso no autorizado. Se recomienda a los usuarios que actualicen a la versi\u00f3n 4.8.0-beta00017, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00005:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E25A9C-01FC-44B3-9A5E-F5E1D3CFADD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00006:*:*:*:*:*:*\",\"matchCriteriaId\":\"7553B675-B9BE-4969-81F4-0757F91478CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00007:*:*:*:*:*:*\",\"matchCriteriaId\":\"1405236D-970D-4879-A98C-87693C758494\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00008:*:*:*:*:*:*\",\"matchCriteriaId\":\"07188547-C926-4937-87E9-23546E2EABFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00009:*:*:*:*:*:*\",\"matchCriteriaId\":\"74865A6E-42F5-4C8E-9159-63240AE55BAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00010:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC844BB8-F736-4DFD-9410-E45558F112B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00011:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FB017B-3FE4-4272-AB5C-292F4833BD81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00012:*:*:*:*:*:*\",\"matchCriteriaId\":\"5882F11D-D145-46D3-8740-D4336E34F323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00013:*:*:*:*:*:*\",\"matchCriteriaId\":\"24AD241C-97F8-4F93-811C-99E707E2B0E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00014:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E363C64-EE85-4302-8D26-71B11D8B9B5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00015:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB9EB424-2545-4B57-8284-68AD0E57A92A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:lucene.net:4.8.0:beta00016:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8B783C0-35FD-433D-A597-3B2B3B5E190A\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/10/31/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/31/2\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-31T10:03:23.483Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43383\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-31T13:51:04.181402Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"lucene\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.0-beta00005\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.8.0-beta00016\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-31T13:52:42.692Z\"}}], \"cna\": {\"title\": \"Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Summ3r, Vidar-Team\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Apache Lucene\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Lucene.Net.Replicator\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.8.0-beta00005\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.8.0-beta00016\"}], \"packageName\": \"Lucene.Net.Replicator\", \"collectionURL\": \"https://www.nuget.org/packages/Lucene.Net.Replicator/4.8.0-beta00016\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.\\n\\nThis issue affects Apache Lucene.NET\u0027s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.\\n\\nAn attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.\\n\\n\\nUsers are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDeserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Lucene.NET\u0027s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.\u003c/p\u003e\u003cp\u003eAn attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-10-31T09:57:29.062Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-43383\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-31T13:52:47.181Z\", \"dateReserved\": \"2024-08-10T16:38:34.946Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-10-31T09:57:29.062Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-2QW8-PPR5-M96C

Vulnerability from github – Published: 2024-10-31 12:30 – Updated: 2025-02-11 19:01

Summary

Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability

Details

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.

This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.

An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.

Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.

Severity ?

8.0 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 (High)


                  
                    CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Lucene.Net.Replicator"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.8.0-beta00005"
            },
            {
              "fixed": "4.8.0-beta00017"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-43383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-31T15:01:08Z",
    "nvd_published_at": "2024-10-31T10:15:04Z",
    "severity": "HIGH"
  },
  "details": "Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.\n\nThis issue affects Apache Lucene.NET\u0027s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.\n\nAn attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.\n\nUsers are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.",
  "id": "GHSA-2qw8-ppr5-m96c",
  "modified": "2025-02-11T19:01:31Z",
  "published": "2024-10-31T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43383"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/lucenenet/commit/1f61dd0fdb465e17141a79d22eb2f2bc02059acc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/lucenenet"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/10/31/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability"
}

FKIE_CVE-2024-43383

Vulnerability from fkie_nvd - Published: 2024-10-31 10:15 - Updated: 2025-02-11 16:13

Severity ?

8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh	Mailing List
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/10/31/2	Mailing List

Impacted products

Vendor	Product	Version
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0
apache	lucene.net	4.8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00005:*:*:*:*:*:*",
              "matchCriteriaId": "79E25A9C-01FC-44B3-9A5E-F5E1D3CFADD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00006:*:*:*:*:*:*",
              "matchCriteriaId": "7553B675-B9BE-4969-81F4-0757F91478CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00007:*:*:*:*:*:*",
              "matchCriteriaId": "1405236D-970D-4879-A98C-87693C758494",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00008:*:*:*:*:*:*",
              "matchCriteriaId": "07188547-C926-4937-87E9-23546E2EABFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00009:*:*:*:*:*:*",
              "matchCriteriaId": "74865A6E-42F5-4C8E-9159-63240AE55BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00010:*:*:*:*:*:*",
              "matchCriteriaId": "EC844BB8-F736-4DFD-9410-E45558F112B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00011:*:*:*:*:*:*",
              "matchCriteriaId": "C4FB017B-3FE4-4272-AB5C-292F4833BD81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00012:*:*:*:*:*:*",
              "matchCriteriaId": "5882F11D-D145-46D3-8740-D4336E34F323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00013:*:*:*:*:*:*",
              "matchCriteriaId": "24AD241C-97F8-4F93-811C-99E707E2B0E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00014:*:*:*:*:*:*",
              "matchCriteriaId": "2E363C64-EE85-4302-8D26-71B11D8B9B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00015:*:*:*:*:*:*",
              "matchCriteriaId": "FB9EB424-2545-4B57-8284-68AD0E57A92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:lucene.net:4.8.0:beta00016:*:*:*:*:*:*",
              "matchCriteriaId": "B8B783C0-35FD-433D-A597-3B2B3B5E190A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.\n\nThis issue affects Apache Lucene.NET\u0027s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016.\n\nAn attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access.\n\n\nUsers are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue."
    },
    {
      "lang": "es",
      "value": " Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache Lucene.Net.Replicator. Este problema afecta a la librer\u00eda Replicator de Apache Lucene.NET: desde la versi\u00f3n 4.8.0-beta00005 hasta la 4.8.0-beta00016. Un atacante que pueda interceptar el tr\u00e1fico entre un cliente y un servidor de replicaci\u00f3n, o controlar la URL del nodo de replicaci\u00f3n de destino, puede proporcionar una respuesta JSON especialmente manipulada que se deserializa como un tipo de excepci\u00f3n proporcionado por el atacante. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo u otro posible acceso no autorizado. Se recomienda a los usuarios que actualicen a la versi\u00f3n 4.8.0-beta00017, que soluciona el problema."
    }
  ],
  "id": "CVE-2024-43383",
  "lastModified": "2025-02-11T16:13:52.167",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "security@apache.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-31T10:15:04.293",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/10/31/2"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2024-3313

Vulnerability from csaf_certbund - Published: 2024-10-30 23:00 - Updated: 2024-10-30 23:00

Summary

Apache Lucene: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache Lucene ist eine Programmbibliothek zur Volltextsuche.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Lucene ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Lucene ist eine Programmbibliothek zur Volltextsuche.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Lucene ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3313 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3313.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3313 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3313"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2024-10-30",
        "url": "https://seclists.org/oss-sec/2024/q4/49"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Lucene: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-10-30T23:00:00.000+00:00",
      "generator": {
        "date": "2024-10-31T10:44:04.571+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-3313",
      "initial_release_date": "2024-10-30T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-30T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Net.Replicator \u003c4.8.0-beta00017",
                "product": {
                  "name": "Apache Lucene Net.Replicator \u003c4.8.0-beta00017",
                  "product_id": "T038704"
                }
              },
              {
                "category": "product_version",
                "name": "Net.Replicator 4.8.0-beta00017",
                "product": {
                  "name": "Apache Lucene Net.Replicator 4.8.0-beta00017",
                  "product_id": "T038704-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:lucene:net.replicator__4.8.0-beta00017"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Lucene"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-43383",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Apache Lucene. Dieser Fehler existiert in der Net.Replicator-Komponente wegen der Deserialisierung von nicht vertrauensw\u00fcrdigen Daten. Ein entfernter, anonymer Angreifer, der den Datenverkehr zwischen einem Replikations-Client und -Server abfangen oder die URL des Ziel-Replikationsknotens kontrollieren kann, ist in der Lage, diese Schwachstelle auszunutzen, um beliebigen Code auszuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T038704"
        ]
      },
      "release_date": "2024-10-30T23:00:00.000+00:00",
      "title": "CVE-2024-43383"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-43383 (GCVE-0-2024-43383)

GHSA-2QW8-PPR5-M96C

FKIE_CVE-2024-43383

WID-SEC-W-2024-3313

Tags

Sightings

Nomenclature