CVE Daily
← All tags

Tag: Apache Lucene

All CVEs associated with "Apache Lucene". Page 1/1 • 4 CVEs.

About “Apache Lucene”

A curated feed of “Apache Lucene”-related CVEs appears below. We currently track 4 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.4 (all time), and 50% are rated High/Critical (all time). Top CWEs (all time): CWE-502 - Deserialization of Untrusted Data, CWE-284 - Improper Access Control, CWE-611 - Improper Restriction of XML External Entity Reference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: apache-lucene

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
1010.4.0-
99.12.3-
88.11.4 Expired
77.7.3- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Apache Lucene”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-10-31
High

CVE-2024-43383

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker…

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2024-09-30
Medium

CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicat…

CVSS: 5.1 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2024-05-14
Medium

CVE-2024-33647

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authen…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2017-10-14
Critical

CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener…

CVSS: 9.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox