|
|
Message-ID: <b85ec504-0550-51f4-3245-137790baa839@apache.org> Date: Thu, 02 Jul 2026 23:04:15 +0000 From: Paul Irwin <paulirwin@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2026-47898: Apache Lucene.Net: XXE vulnerability in Lucene.Net.Analysis.Common PatternParser Severity: Affected versions: - Apache Lucene.Net (Lucene.Net.Analysis.Common) 4.8.0-beta00005 before 4.8.0-beta00018 Description: Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue. Credit: Daniel Cervera (reporter) Paul Irwin (coordinator) Shad Storhaug (remediation reviewer) References: https://lucenenet.apache.org/ https://www.cve.org/CVERecord?id=CVE-2026-47898
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.