cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45772,https://securityvulnerability.io/vulnerability/CVE-2024-45772,Deserialization of Untrusted Data Vulnerability Affecting Apache Lucene Replicator,"A deserialization of untrusted data vulnerability exists in Apache Lucene's replicator module, impacting versions from 4.4.0 up to 9.12.0. The vulnerability is linked to the deprecated org.apache.lucene.replicator.http package, which poses risks when deployed in network-accessible implementations. User-defined clients utilizing HTTP libraries that access this API may trigger the deserialization issue. To mitigate this vulnerability on affected versions, Java serialization filters can be implemented (e.g., using -Djdk.serialFilter='!*' on the command line), ensuring functionality is not disrupted. Users are highly encouraged to upgrade to version 9.12.0 or later, which corrects this flaw.",Apache,Apache Lucene Replicator,8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-09-30T08:51:30.950Z,0