CVE-2024-43383

Published Oct 31, 2024

Last updated 16 days ago

CVSS high 8.0

Overview

Description
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.
Source
security@apache.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8
Impact score
5.9
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@apache.org
CWE-502

Social media

Hype score
Not currently trending

  1. Apache Lucene NET の脆弱性 CVE-2024-43383 がFIX:直ちにアップデートを! https://t.co/6rlvGxglSJ #Apache #Lucene #LucenedotNET #OpenSource #Vulnerability

    @iototsecnews

    11 Nov 2024

    76 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Apache Lucene fixes CVE-2024-43383 #ApacheLucene #CVE-2024-43383 https://t.co/D4JQ4jrN3H

    @pravin_karthik

    2 Nov 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Threat Alert: CVE-2024-43383: Critical Flaw in Apache https://t.co/4lXC58tUjW Exposes Users to Remote Code CVE-2024-43383 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/ooZzCaJAcP #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    1 Nov 2024

    15 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-43383: Critical vuln in Apache https://t.co/CUUyTUMbxi.Replicator up to 4.8.0-beta00016 leads to Privilege Escalation. Upgrade affected component immediately to mitigate risk. #CyberSecurity #InfoSec

    @oktsec

    31 Oct 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-43383 Deserialization of Untrusted Data vulnerability in Apache https://t.co/zmxy8J0LiM.Replicator. This issue affects Apache https://t.co/ZsGxqOoySQ's Replicator library: from 4.8.0-beta00005 thro… https://t.co/YLpXlOHuJj

    @CVEnew

    31 Oct 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References