PT-2024-7646 · Apache · Apache Lucene.Net.Replicator

Vendor/Project: Apache Lucene

Published: 2024-10-08 · Updated: 2024-11-05 · CVE-2024-43383

CVSS v4.0: 8.6 (High)
Vector: AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Apache Lucene.Net.Replicator versions 4.8.0-beta00005 through 4.8.0-beta00016
Description

This issue is a deserialization of untrusted data, which can result in remote code execution or other unauthorized access. An attacker who can intercept traffic between a replication client and server, or who controls the target replication node URL, can return a specially crafted JSON response that the client deserializes as an attacker-chosen exception type.

Recommendations

To resolve the issue, upgrade to version 4.8.0-beta00017, which fixes it. As a temporary workaround, restrict access to the vulnerable Replicator library (for example, by limiting which replication nodes a client may connect to and who can reach the replication endpoint) to minimize the risk of exploitation, and avoid using the vulnerable library until the issue is resolved.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2024-09087
CVE-2024-43383
GHSA-2QW8-PPR5-M96C

Affected Products

Apache Lucene.Net.Replicator