CVE-2024-45772 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-45772 Interim 1 7 2025-04-30T23:32:59Z current 2024-09-30T23:11:36Z 2025-04-30T23:32:59Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-45772 Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient). Java serialization filters (such as -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Linux Enterprise Module for Package Hub 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 lucene lucene-analyzers-common lucene-analyzers-smartcn lucene-analyzers-stempel lucene-backward-codecs lucene-classification lucene-codecs lucene-core lucene-facet lucene-grouping lucene-highlighter lucene-join lucene-memory lucene-misc lucene-monitor lucene-queries lucene-queryparser lucene-sandbox lucene-spatial lucene-spatial3d lucene-analyzers-common as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 lucene-analyzers-smartcn as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 lucene-core as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 lucene-misc as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 lucene-queries as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 lucene-queryparser as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 lucene-sandbox as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 lucene as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 lucene-analyzers-common as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 lucene-analyzers-smartcn as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 lucene-core as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 lucene-misc as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 lucene-queries as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 lucene-queryparser as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 lucene-sandbox as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 lucene as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 lucene-analyzers-common as a component of openSUSE Leap 15.5 lucene-analyzers-smartcn as a component of openSUSE Leap 15.5 lucene-analyzers-stempel as a component of openSUSE Leap 15.5 lucene-backward-codecs as a component of openSUSE Leap 15.5 lucene-classification as a component of openSUSE Leap 15.5 lucene-codecs as a component of openSUSE Leap 15.5 lucene-core as a component of openSUSE Leap 15.5 lucene-facet as a component of openSUSE Leap 15.5 lucene-grouping as a component of openSUSE Leap 15.5 lucene-highlighter as a component of openSUSE Leap 15.5 lucene-join as a component of openSUSE Leap 15.5 lucene-memory as a component of openSUSE Leap 15.5 lucene-misc as a component of openSUSE Leap 15.5 lucene-monitor as a component of openSUSE Leap 15.5 lucene-queries as a component of openSUSE Leap 15.5 lucene-queryparser as a component of openSUSE Leap 15.5 lucene-sandbox as a component of openSUSE Leap 15.5 lucene-spatial as a component of openSUSE Leap 15.5 lucene-spatial3d as a component of openSUSE Leap 15.5 lucene as a component of openSUSE Leap 15.5 lucene-analyzers-common as a component of openSUSE Leap 15.6 lucene-analyzers-smartcn as a component of openSUSE Leap 15.6 lucene-analyzers-stempel as a component of openSUSE Leap 15.6 lucene-backward-codecs as a component of openSUSE Leap 15.6 lucene-classification as a component of openSUSE Leap 15.6 lucene-codecs as a component of openSUSE Leap 15.6 lucene-core as a component of openSUSE Leap 15.6 lucene-facet as a component of openSUSE Leap 15.6 lucene-grouping as a component of openSUSE Leap 15.6 lucene-highlighter as a component of openSUSE Leap 15.6 lucene-join as a component of openSUSE Leap 15.6 lucene-memory as a component of openSUSE Leap 15.6 lucene-misc as a component of openSUSE Leap 15.6 lucene-monitor as a component of openSUSE Leap 15.6 lucene-queries as a component of openSUSE Leap 15.6 lucene-queryparser as a component of openSUSE Leap 15.6 lucene-sandbox as a component of openSUSE Leap 15.6 lucene-spatial as a component of openSUSE Leap 15.6 lucene-spatial3d as a component of openSUSE Leap 15.6 lucene as a component of openSUSE Leap 15.6 Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient). Java serialization filters (such as -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality. CVE-2024-45772 SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-analyzers-common SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-analyzers-smartcn SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-core SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-misc SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-queries SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-queryparser SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-sandbox SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-analyzers-common SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-analyzers-smartcn SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-core SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-misc SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-queries SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-queryparser SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-sandbox openSUSE Leap 15.5:lucene openSUSE Leap 15.5:lucene-analyzers-common openSUSE Leap 15.5:lucene-analyzers-smartcn openSUSE Leap 15.5:lucene-analyzers-stempel openSUSE Leap 15.5:lucene-backward-codecs openSUSE Leap 15.5:lucene-classification openSUSE Leap 15.5:lucene-codecs openSUSE Leap 15.5:lucene-core openSUSE Leap 15.5:lucene-facet openSUSE Leap 15.5:lucene-grouping openSUSE Leap 15.5:lucene-highlighter openSUSE Leap 15.5:lucene-join openSUSE Leap 15.5:lucene-memory openSUSE Leap 15.5:lucene-misc openSUSE Leap 15.5:lucene-monitor openSUSE Leap 15.5:lucene-queries openSUSE Leap 15.5:lucene-queryparser openSUSE Leap 15.5:lucene-sandbox openSUSE Leap 15.5:lucene-spatial openSUSE Leap 15.5:lucene-spatial3d openSUSE Leap 15.6:lucene openSUSE Leap 15.6:lucene-analyzers-common openSUSE Leap 15.6:lucene-analyzers-smartcn openSUSE Leap 15.6:lucene-analyzers-stempel openSUSE Leap 15.6:lucene-backward-codecs openSUSE Leap 15.6:lucene-classification openSUSE Leap 15.6:lucene-codecs openSUSE Leap 15.6:lucene-core openSUSE Leap 15.6:lucene-facet openSUSE Leap 15.6:lucene-grouping openSUSE Leap 15.6:lucene-highlighter openSUSE Leap 15.6:lucene-join openSUSE Leap 15.6:lucene-memory openSUSE Leap 15.6:lucene-misc openSUSE Leap 15.6:lucene-monitor openSUSE Leap 15.6:lucene-queries openSUSE Leap 15.6:lucene-queryparser openSUSE Leap 15.6:lucene-sandbox openSUSE Leap 15.6:lucene-spatial openSUSE Leap 15.6:lucene-spatial3d moderate 5.1 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L