Apache Avro Java SDK Vulnerability
CVE-2024-47561

Currently unrated

Key Information:

Vendor

Apache
Status
Apache Avro Java Sdk
Vendor
CVE Published:
3 October 2024

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2024-47561?

A vulnerability in the schema parsing component of the Java SDK within Apache Avro versions up to 1.11.3 exposes systems to potential arbitrary code execution. This weakness allows malicious actors to exploit improperly handled schema data, potentially leading to severe security breaches. Users utilizing versions prior to 1.11.4 should urgently upgrade to mitigate risks associated with this vulnerability. The latest versions address these security concerns effectively.

Affected Version(s)

Apache Avro Java SDK 0 < 1.11.4

News Articles

favicon imageThe Hacker News

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

Urgent patch advised for Apache Avro Java SDK flaw (CVE-2024-47561) that allows code execution.

References

https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1...
vendor-advisory

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kostya Kortchinsky, from the Databricks Security Team
.