Description

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

INFO

Published Date :

2024-10-03T10:23:16.214Z

Last Modified :

2024-10-21T08:51:22.972Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47561 vulnerability.

Vendors Products
Apache
  • Avro
Redhat
  • Apache Camel Spring Boot
  • Apicurio Registry
  • Camel K
  • Camel Quarkus
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Application Platform Eus
  • Quarkus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47561.

URL Resource
http://www.openwall.com/lists/oss-security/2024/10/03/1 cve-icon
https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-47561 cve-icon
https://security.netapp.com/advisory/ntap-20241011-0003/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-47561 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact