{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2024-45772","title":"Title"},{"category":"description","text":"Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.\n\nThis issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.\nThe deprecated org.apache.lucene.replicator.http package is affected.\nThe org.apache.lucene.replicator.nrt package is not affected.\n\nUsers are recommended to upgrade to version 9.12.0, which fixes the issue.\n\n The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient). Java serialization filters (such as  -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2024-45772","url":"https://www.suse.com/security/cve/CVE-2024-45772"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1231144 for CVE-2024-45772","url":"https://bugzilla.suse.com/1231144"}],"title":"SUSE CVE CVE-2024-45772","tracking":{"current_release_date":"2025-12-19T01:01:05Z","generator":{"date":"2025-02-14T04:31:09Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2024-45772","initial_release_date":"2025-02-14T04:31:09Z","revision_history":[{"date":"2025-02-14T04:31:09Z","number":"2","summary":"Current version"},{"date":"2025-02-16T04:23:18Z","number":"3","summary":"Current version"},{"date":"2025-03-15T04:40:24Z","number":"4","summary":"Current version"},{"date":"2025-04-24T13:31:13Z","number":"5","summary":"Current version"},{"date":"2025-06-26T00:30:38Z","number":"6","summary":"Current version"},{"date":"2025-10-07T00:11:18Z","number":"7","summary":"Current version"},{"date":"2025-12-17T00:58:15Z","number":"8","summary":"description changed"},{"date":"2025-12-19T01:01:05Z","number":"9","summary":"description changed"}],"status":"interim","version":"9"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Module for Package Hub 15 SP5","product":{"name":"SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Package Hub 15 SP6","product":{"name":"SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:15:sp6"}}},{"category":"product_name","name":"openSUSE Leap 15.5","product":{"name":"openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.5"}}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}},{"category":"product_version","name":"lucene","product":{"name":"lucene","product_id":"lucene","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-analyzers-common","product":{"name":"lucene-analyzers-common","product_id":"lucene-analyzers-common","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-analyzers-common@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-analyzers-smartcn","product":{"name":"lucene-analyzers-smartcn","product_id":"lucene-analyzers-smartcn","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-analyzers-smartcn@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-analyzers-stempel","product":{"name":"lucene-analyzers-stempel","product_id":"lucene-analyzers-stempel","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-analyzers-stempel@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-backward-codecs","product":{"name":"lucene-backward-codecs","product_id":"lucene-backward-codecs","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-backward-codecs@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-classification","product":{"name":"lucene-classification","product_id":"lucene-classification","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-classification@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-codecs","product":{"name":"lucene-codecs","product_id":"lucene-codecs","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-codecs@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-core","product":{"name":"lucene-core","product_id":"lucene-core","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-core@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-facet","product":{"name":"lucene-facet","product_id":"lucene-facet","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-facet@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-grouping","product":{"name":"lucene-grouping","product_id":"lucene-grouping","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-grouping@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-highlighter","product":{"name":"lucene-highlighter","product_id":"lucene-highlighter","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-highlighter@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-join","product":{"name":"lucene-join","product_id":"lucene-join","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-join@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-memory","product":{"name":"lucene-memory","product_id":"lucene-memory","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-memory@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-misc","product":{"name":"lucene-misc","product_id":"lucene-misc","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-misc@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-monitor","product":{"name":"lucene-monitor","product_id":"lucene-monitor","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-monitor@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-queries","product":{"name":"lucene-queries","product_id":"lucene-queries","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-queries@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-queryparser","product":{"name":"lucene-queryparser","product_id":"lucene-queryparser","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-queryparser@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-sandbox","product":{"name":"lucene-sandbox","product_id":"lucene-sandbox","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-sandbox@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-spatial","product":{"name":"lucene-spatial","product_id":"lucene-spatial","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-spatial@?upstream=lucene.src.rpm"}}},{"category":"product_version","name":"lucene-spatial3d","product":{"name":"lucene-spatial3d","product_id":"lucene-spatial3d","product_identification_helper":{"cpe":"cpe:2.3:a:apache:lucene:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/lucene-spatial3d@?upstream=lucene.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-common as component of SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-analyzers-common"},"product_reference":"lucene-analyzers-common","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-smartcn as component of SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-analyzers-smartcn"},"product_reference":"lucene-analyzers-smartcn","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"lucene-core as component of SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-core"},"product_reference":"lucene-core","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"lucene-misc as component of SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-misc"},"product_reference":"lucene-misc","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"lucene-queries as component of SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-queries"},"product_reference":"lucene-queries","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"lucene-queryparser as component of SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-queryparser"},"product_reference":"lucene-queryparser","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"lucene-sandbox as component of SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-sandbox"},"product_reference":"lucene-sandbox","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"lucene as component of SUSE Linux Enterprise Module for Package Hub 15 SP5","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene"},"product_reference":"lucene","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-common as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-analyzers-common"},"product_reference":"lucene-analyzers-common","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-smartcn as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-analyzers-smartcn"},"product_reference":"lucene-analyzers-smartcn","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"lucene-core as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-core"},"product_reference":"lucene-core","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"lucene-misc as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-misc"},"product_reference":"lucene-misc","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"lucene-queries as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-queries"},"product_reference":"lucene-queries","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"lucene-queryparser as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-queryparser"},"product_reference":"lucene-queryparser","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"lucene-sandbox as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-sandbox"},"product_reference":"lucene-sandbox","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"lucene as component of SUSE Linux Enterprise Module for Package Hub 15 SP6","product_id":"SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene"},"product_reference":"lucene","relates_to_product_reference":"SUSE Linux Enterprise Module for Package Hub 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-common as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-analyzers-common"},"product_reference":"lucene-analyzers-common","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-smartcn as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-analyzers-smartcn"},"product_reference":"lucene-analyzers-smartcn","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-stempel as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-analyzers-stempel"},"product_reference":"lucene-analyzers-stempel","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-backward-codecs as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-backward-codecs"},"product_reference":"lucene-backward-codecs","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-classification as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-classification"},"product_reference":"lucene-classification","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-codecs as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-codecs"},"product_reference":"lucene-codecs","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-core as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-core"},"product_reference":"lucene-core","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-facet as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-facet"},"product_reference":"lucene-facet","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-grouping as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-grouping"},"product_reference":"lucene-grouping","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-highlighter as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-highlighter"},"product_reference":"lucene-highlighter","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-join as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-join"},"product_reference":"lucene-join","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-memory as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-memory"},"product_reference":"lucene-memory","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-misc as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-misc"},"product_reference":"lucene-misc","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-monitor as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-monitor"},"product_reference":"lucene-monitor","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-queries as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-queries"},"product_reference":"lucene-queries","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-queryparser as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-queryparser"},"product_reference":"lucene-queryparser","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-sandbox as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-sandbox"},"product_reference":"lucene-sandbox","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-spatial as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-spatial"},"product_reference":"lucene-spatial","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-spatial3d as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene-spatial3d"},"product_reference":"lucene-spatial3d","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:lucene"},"product_reference":"lucene","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-common as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-analyzers-common"},"product_reference":"lucene-analyzers-common","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-smartcn as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-analyzers-smartcn"},"product_reference":"lucene-analyzers-smartcn","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-analyzers-stempel as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-analyzers-stempel"},"product_reference":"lucene-analyzers-stempel","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-backward-codecs as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-backward-codecs"},"product_reference":"lucene-backward-codecs","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-classification as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-classification"},"product_reference":"lucene-classification","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-codecs as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-codecs"},"product_reference":"lucene-codecs","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-core as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-core"},"product_reference":"lucene-core","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-facet as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-facet"},"product_reference":"lucene-facet","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-grouping as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-grouping"},"product_reference":"lucene-grouping","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-highlighter as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-highlighter"},"product_reference":"lucene-highlighter","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-join as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-join"},"product_reference":"lucene-join","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-memory as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-memory"},"product_reference":"lucene-memory","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-misc as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-misc"},"product_reference":"lucene-misc","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-monitor as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-monitor"},"product_reference":"lucene-monitor","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-queries as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-queries"},"product_reference":"lucene-queries","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-queryparser as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-queryparser"},"product_reference":"lucene-queryparser","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-sandbox as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-sandbox"},"product_reference":"lucene-sandbox","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-spatial as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-spatial"},"product_reference":"lucene-spatial","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene-spatial3d as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene-spatial3d"},"product_reference":"lucene-spatial3d","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"lucene as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:lucene"},"product_reference":"lucene","relates_to_product_reference":"openSUSE Leap 15.6"}]},"vulnerabilities":[{"cve":"CVE-2024-45772","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2024-45772"}],"notes":[{"category":"general","text":"Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.\n\nThis issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.\nThe deprecated org.apache.lucene.replicator.http package is affected.\nThe org.apache.lucene.replicator.nrt package is not affected.\n\nUsers are recommended to upgrade to version 9.12.0, which fixes the issue.\n\n The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient). Java serialization filters (such as  -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene","SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-analyzers-common","SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-analyzers-smartcn","SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-core","SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-misc","SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-queries","SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-queryparser","SUSE Linux Enterprise Module for Package Hub 15 SP5:lucene-sandbox","SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene","SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-analyzers-common","SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-analyzers-smartcn","SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-core","SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-misc","SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-queries","SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-queryparser","SUSE Linux Enterprise Module for Package Hub 15 SP6:lucene-sandbox","openSUSE Leap 15.5:lucene","openSUSE Leap 15.5:lucene-analyzers-common","openSUSE Leap 15.5:lucene-analyzers-smartcn","openSUSE Leap 15.5:lucene-analyzers-stempel","openSUSE Leap 15.5:lucene-backward-codecs","openSUSE Leap 15.5:lucene-classification","openSUSE Leap 15.5:lucene-codecs","openSUSE Leap 15.5:lucene-core","openSUSE Leap 15.5:lucene-facet","openSUSE Leap 15.5:lucene-grouping","openSUSE Leap 15.5:lucene-highlighter","openSUSE Leap 15.5:lucene-join","openSUSE Leap 15.5:lucene-memory","openSUSE Leap 15.5:lucene-misc","openSUSE Leap 15.5:lucene-monitor","openSUSE Leap 15.5:lucene-queries","openSUSE Leap 15.5:lucene-queryparser","openSUSE Leap 15.5:lucene-sandbox","openSUSE Leap 15.5:lucene-spatial","openSUSE Leap 15.5:lucene-spatial3d","openSUSE Leap 15.6:lucene","openSUSE Leap 15.6:lucene-analyzers-common","openSUSE Leap 15.6:lucene-analyzers-smartcn","openSUSE Leap 15.6:lucene-analyzers-stempel","openSUSE Leap 15.6:lucene-backward-codecs","openSUSE Leap 15.6:lucene-classification","openSUSE Leap 15.6:lucene-codecs","openSUSE Leap 15.6:lucene-core","openSUSE Leap 15.6:lucene-facet","openSUSE Leap 15.6:lucene-grouping","openSUSE Leap 15.6:lucene-highlighter","openSUSE Leap 15.6:lucene-join","openSUSE Leap 15.6:lucene-memory","openSUSE Leap 15.6:lucene-misc","openSUSE Leap 15.6:lucene-monitor","openSUSE Leap 15.6:lucene-queries","openSUSE Leap 15.6:lucene-queryparser","openSUSE Leap 15.6:lucene-sandbox","openSUSE Leap 15.6:lucene-spatial","openSUSE Leap 15.6:lucene-spatial3d"]},"references":[{"category":"external","summary":"CVE-2024-45772","url":"https://www.suse.com/security/cve/CVE-2024-45772"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1231144 for CVE-2024-45772","url":"https://bugzilla.suse.com/1231144"}],"threats":[{"category":"impact","date":"2024-09-29T02:00:05Z","details":"moderate"}],"title":"CVE-2024-45772"}]}