
Vidar-Team

#30540 of 53,632
8.6 Total CVSS
Vulnerabilities · 1
PT-2024-7646
8.6
2024-10-08
Apache · Apache Lucene.Net.Replicator · CVE-2024-43383
**Name of the Vulnerable Software and Affected Versions**

Apache Lucene.Net.Replicator versions 4.8.0-beta00005 through 4.8.0-beta00016

**Description**

This issue is related to the deserialization of untrusted data, which can result in remote code execution or other potential unauthorized access. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type.

**Recommendations**

To resolve the issue, upgrade to version 4.8.0-beta00017, which fixes the issue. As a temporary workaround, consider restricting access to the vulnerable Replicator library to minimize the risk of exploitation. Avoid using the vulnerable library until the issue is resolved.