Apache Avro Java SDK Vulnerability
CVE-2024-47561
Currently unrated
Key Information:
- Vendor
- Apache
- Status
- Vendor
- CVE Published:
- 3 October 2024
Badges
👾 Exploit Exists📰 News Worthy
Summary
A vulnerability in the schema parsing component of the Java SDK within Apache Avro versions up to 1.11.3 exposes systems to potential arbitrary code execution. This weakness allows malicious actors to exploit improperly handled schema data, potentially leading to severe security breaches. Users utilizing versions prior to 1.11.4 should urgently upgrade to mitigate risks associated with this vulnerability. The latest versions address these security concerns effectively.
Affected Version(s)
Apache Avro Java SDK 0 < 1.11.4
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
The Hacker NewsCVE-2024-47561Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
Urgent patch advised for Apache Avro Java SDK flaw (CVE-2024-47561) that allows code execution.
4 months ago
References
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved
Credit
Kostya Kortchinsky, from the Databricks Security Team