Apache Avro Java SDK Vulnerability

CVE-2024-47561

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Avro Java Sdk
Vendor: CVE Published:; 3 October 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

Affected Version(s)

Apache Avro Java SDK < 1.11.4

News Articles

The Hacker News

CVE-2024-47561

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

Urgent patch advised for Apache Avro Java SDK flaw (CVE-2024-47561) that allows code execution.

3 months ago

References

https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1...

vendor-advisory

Timeline

👾
Exploit known to exist
Oct 7, 2024
📰
First article discovered by The Hacker News
Oct 7, 2024
Vulnerability published
Oct 3, 2024
Vulnerability Reserved
Sep 27, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

Kostya Kortchinsky, from the Databricks Security Team