Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
History
Fri, 04 Oct 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | threat_severity |
Thu, 03 Oct 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Apache, Apache avro | |
CPEs | cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:* | |
Vendors & Products | Apache, Apache avro | |
Metrics | cvssV3_1 | |
Thu, 03 Oct 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue. | |
Title | Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK) | |
Weaknesses | CWE-502 | |
References | | |
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-10-03T10:23:16.214Z
Updated: 2024-10-03T18:59:41.415Z
Reserved: 2024-09-27T07:06:47.522Z
Link: CVE-2024-47561
Vulnrichment
Updated: 2024-10-03T18:03:29.779Z
NVD
Status: Awaiting Analysis
Published: 2024-10-03T11:15:13.510
Modified: 2024-10-04T13:50:43.727
Link: CVE-2024-47561
Redhat