{"uuid": "d4c43b57-b90f-4581-8240-9cb1b35e84e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45772", "type": "seen", "source": "https://t.me/cvedetector/6648", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45772 - Apache Lucene Replicator Deserialization of Untrusted Data Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45772 \nPublished : Sept. 30, 2024, 9:15 a.m. | 21\u00a0minutes ago \nDescription : Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.  \n  \nThis issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.  \nThe deprecated org.apache.lucene.replicator.http package is affected.  \nThe org.apache.lucene.replicator.nrt package is not affected.  \n  \nUsers are recommended to upgrade to version 9.12.0, which fixes the issue.  \n  \nJava serialization filters (such as\u00a0-Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality. \nSeverity: 5.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-30T11:38:32.000000Z"}