Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.
History

Thu, 05 Dec 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat quarkus
CPEs cpe:/a:redhat:quarkus:3.2::el8
Vendors & Products Redhat quarkus

Mon, 25 Nov 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

Fri, 22 Nov 2024 12:00:00 +0000


Wed, 23 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat camel K
CPEs cpe:/a:redhat:camel_k:1.10.8
Vendors & Products Redhat camel K

Mon, 21 Oct 2024 09:00:00 +0000

Type Values Removed Values Added
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Tue, 15 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat apache Camel Spring Boot
CPEs cpe:/a:redhat:apache_camel_spring_boot:4.4.3
Vendors & Products Redhat apache Camel Spring Boot

Fri, 11 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat camel Quarkus
CPEs cpe:/a:redhat:camel_quarkus:3.8
Vendors & Products Redhat camel Quarkus

Thu, 10 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat apicurio Registry
CPEs cpe:/a:redhat:apicurio_registry:2.6
Vendors & Products Redhat apicurio Registry

Wed, 09 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat jboss Enterprise Application Platform
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Vendors & Products Redhat
Redhat jboss Enterprise Application Platform

Fri, 04 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Critical


Thu, 03 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache avro
CPEs cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*
Vendors & Products Apache
Apache avro
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 10:45:00 +0000

Type Values Removed Values Added
Description Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.
Title Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
Weaknesses CWE-502
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-10-03T10:23:16.214Z

Updated: 2024-10-21T08:51:22.972Z

Reserved: 2024-09-27T07:06:47.522Z

Link: CVE-2024-47561

cve-icon Vulnrichment

Updated: 2024-10-11T22:03:16.050Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-03T11:15:13.510

Modified: 2024-11-21T09:39:54.757

Link: CVE-2024-47561

cve-icon Redhat

Severity : Critical

Publid Date: 2024-10-03T12:20:00Z

Links: CVE-2024-47561 - Bugzilla