MGASA-2017-0403

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2017-12629
Published: 06 Nov 2017, 08:22
Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

06 Nov 2017, 08:22
Published
Vulnerability first disclosed
16 Apr 2026, 06:24
Last Modified
Vulnerability information updated

Description

Updated lucene packages fix security vulnerability It was found that the CoreParser class in Lucene accepts doctype declaration and expands external entities. An attacker could use this flaw to bypass security restrictions and access sensitive data (CVE-2017-12629).

Affected Systems

  • mageialucene

    < 5.5.0-4.1.mga6

References (3)