CVE-2024-47561

EUVD-2024-3126
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
apacheavro
𝑥
< 1.11.4
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
netappbrocade_san_navigator
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
apacheavro
𝑥
< 1.11.4
ADP
Common Weakness Enumeration
References
https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x
http://www.openwall.com/lists/oss-security/2024/10/03/1
https://security.netapp.com/advisory/ntap-20241011-0003/