GHSA-m739-f9cm-66x2
Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Note that this rationale does not match the vendor's CVSS 4.0 vector above: it argues in CVSS 3.x terms for a network attack vector, low privileges, changed scope with high confidentiality impact and low availability impact, whereas the vendor rated AV:L, AC:H, PR:H, VC:L, VA:N and SC:H. Read it as an independent estimate for a deployment that exposes the parser to request data: network vector for a typical API/web deployment; PR:L because supplying XML patterns to PatternParser generally requires at least application-level access; S:C and C:H for the cross-boundary file read; A:L for a potential entity-expansion denial of service.
Primary rating from Vendor (CNA).
Lifecycle Timeline
Description (PRE-NVD)
Analysis (AI-generated)
XML External Entity (XXE) injection in Apache Lucene.Net's PatternParser (the hyphenation pattern parser in the Lucene.Net.Analysis.Common library) allows an attacker who can supply XML input to the parser to read arbitrary files from the host filesystem or to trigger server-side request forgery through the entity fetch. Affected versions: 4.8.0-beta00005 through 4.8.0-beta00017. …
Vulnerability Assessment (AI-generated)
| Field | Assessment |
| --- | --- |
| Exploitation | Exploitation requires that attacker-controlled or attacker-influenced XML content reaches a PatternParser instance within the application. In typical Lucene.Net usage the pattern file is loaded from a configured path when the analyzer is built rather than from request data, which is consistent with the vendor's AV:L/PR:H rating; deployments that accept pattern XML from users, tenants, or a writable shared location are the exposed ones. … |
| Risk Assessment | No NVD CVSS vector or score was provided with this CVE, so an independent assessment is required. … |
| Exploit Scenario | An attacker who can submit XML-formatted pattern definitions to an application that passes them to PatternParser constructs a document whose DOCTYPE declares an external entity referencing a sensitive file (e.g., /etc/passwd, web.config) or an internal endpoint such as a cloud metadata service. When PatternParser processes the document without restricting DTD processing and entity resolution, the parser fetches the resource and substitutes its content, which the attacker can then observe through application output, error messages, or out of band (the fetch itself reaching an attacker-controlled or internal endpoint). … |
| Remediation | Upgrade Lucene.Net.Analysis.Common to version 4.8.0-beta00018, the vendor-confirmed patched release. Until the upgrade is deployed, do not pass untrusted XML to PatternParser and load pattern files only from trusted, write-protected locations. … |
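The following C# program is an added illustration of the failure mode described in the scenario and remediation rows above; it is not Lucene.Net's code and does not reproduce the project's actual fix. It parses a constructed document shaped like a hyphenation pattern file (the element names are illustrative, not the real schema) once with a permissive XmlReader, which expands an external entity into the content of a temporary file, and once with hardened settings (DTD prohibited, no resolver), which reject the DOCTYPE before any entity can be resolved. The temp file stands in for a secret on the host so the example runs offline.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example, not Lucene.Net code. Shows an XmlReader expanding an external
// entity into file content, and the hardened settings that refuse the same input.
static class XxeDemo
{
    // Constructed document in the shape of a hyphenation-pattern file.
    // Element names are illustrative; the real Lucene.Net schema may differ.
    static string BuildPayload(string targetPath) =>
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE hyphenation-info [\n" +
        "  <!ENTITY leak SYSTEM \"" + new Uri(targetPath).AbsoluteUri + "\">\n" +
        "]>\n" +
        "<hyphenation-info><patterns>&leak;</patterns></hyphenation-info>";

    // Permissive settings: the DTD is processed and external entities are
    // fetched through XmlUrlResolver (file://, http://, ...).
    static XmlReaderSettings Permissive() => new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Parse,
        XmlResolver = new XmlUrlResolver(),
    };

    // Hardened settings: any DOCTYPE is rejected and no resolver exists at all,
    // so neither file reads nor outbound requests can originate from the parser.
    static XmlReaderSettings Hardened() => new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null,
    };

    // Returns the text content of <patterns> as the reader produced it.
    static string ReadPatterns(string xml, XmlReaderSettings settings)
    {
        using var reader = XmlReader.Create(new StringReader(xml), settings);
        reader.ReadToFollowing("patterns");
        return reader.ReadElementContentAsString();
    }

    static void Main()
    {
        // Stand-in for a sensitive file on the host (constructed content).
        string secret = Path.GetTempFileName();
        File.WriteAllText(secret, "root:x:0:0:root:/root:/bin/sh");
        string xml = BuildPayload(secret);

        // Vulnerable path: the entity is expanded and the file content flows
        // into the parse result exactly as the scenario above describes.
        Console.WriteLine("permissive: " + ReadPatterns(xml, Permissive()));

        // Fixed path: the DOCTYPE itself is rejected, so the entity is never
        // declared, let alone resolved.
        try
        {
            ReadPatterns(xml, Hardened());
            Console.WriteLine("hardened: unexpectedly parsed");
        }
        catch (XmlException e)
        {
            Console.WriteLine("hardened: rejected (" + e.Message + ")");
        }

        File.Delete(secret);
    }
}
```

The same two settings cover the SSRF variant of the bug: with a resolver present, the SYSTEM identifier may be an http:// URL and the parser will issue the request during expansion, whereas DtdProcessing.Prohibit with a null resolver never reaches that point. When auditing your own use of XmlReader, XmlDocument, or XmlTextReader, treat any non-null XmlResolver combined with DtdProcessing.Parse (or a legacy ProhibitDtd = false) on untrusted input as the condition to flag.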
EUVD-2026-41517