Deserialization of Untrusted Data Vulnerability Affects Apache Lucene.NET's Replicator Library
CVE-2024-43383
8.1 HIGH
What is CVE-2024-43383?
A deserialization of untrusted data vulnerability exists in Apache Lucene.NET's Replicator library. The issue arises when an attacker can intercept communication between a replication client and server, or can influence the target replication node's URL. By providing a specially crafted JSON response, the attacker can cause the system to deserialize the data as an attacker-controlled exception type, potentially leading to remote code execution or other unauthorized access incidents. It is crucial for users to upgrade to version 4.8.0-beta00017 to mitigate this risk.
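One way to keep a remote error response from choosing which exception type gets instantiated, shown as an added C# example that is not Lucene.NET's code or its fix. The class name, the JSON field names `type` and `message`, and the allow-list contents are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.Json;

// Added example, not Lucene.NET code. The JSON field names "type" and
// "message" and the allow-list contents are assumptions for illustration.
public static class RemoteErrorReader
{
    // The only exception types that may be built from a remote error response.
    private static readonly Dictionary<string, Func<string, Exception>> Allowed =
        new(StringComparer.Ordinal)
        {
            ["System.IO.IOException"] = m => new IOException(m),
            ["System.InvalidOperationException"] = m => new InvalidOperationException(m),
        };

    public static Exception FromJson(string json)
    {
        string typeName = "", message = "Remote error (no message).";
        try
        {
            using JsonDocument doc = JsonDocument.Parse(json);
            JsonElement root = doc.RootElement;
            if (root.ValueKind == JsonValueKind.Object)
            {
                if (root.TryGetProperty("type", out JsonElement t) && t.ValueKind == JsonValueKind.String)
                    typeName = t.GetString() ?? typeName;
                if (root.TryGetProperty("message", out JsonElement m) && m.ValueKind == JsonValueKind.String)
                    message = m.GetString() ?? message;
            }
        }
        catch (JsonException)
        {
            return new IOException("Malformed error response from replication server.");
        }
        // The type name is only a dictionary key. It never reaches Type.GetType,
        // Activator.CreateInstance or a deserializer that resolves type names.
        return Allowed.TryGetValue(typeName, out var make)
            ? make(message)
            : new IOException($"Remote error of unlisted type: {message}");
    }

    public static void Main()
    {
        // Constructed sample responses, not captured traffic.
        Console.WriteLine(FromJson("{\"type\":\"System.IO.IOException\",\"message\":\"disk full\"}").GetType());
        Console.WriteLine(FromJson("{\"type\":\"Example.Unlisted, ExampleAssembly\",\"message\":\"x\"}").GetType());
    }
}
```

Both sample responses yield `System.IO.IOException`: the first because the type is on the allow-list, the second because an unlisted type name falls back to a fixed type instead of being resolved.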