CVE-2024-47561

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
apacheCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
apacheavro
𝑥
< 1.11.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x
http://www.openwall.com/lists/oss-security/2024/10/03/1
https://security.netapp.com/advisory/ntap-20241011-0003/