Open github-actions[bot] opened 1 week ago
https://avd.aquasec.com/nvd/cve-2024-47561
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

Projects: person-search-index-from-delius

Locations: org.apache.avro:avro:1.11.3 (usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/logstash-integration-kafka-11.5.1-java/vendor/jar-dependencies/org/apache/avro/avro/1.11.3/avro-1.11.3.jar)

References:
https://access.redhat.com/security/cve/CVE-2024-47561
https://github.com/apache/avro
https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900
https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285
https://github.com/apache/avro/pull/2934
https://github.com/apache/avro/pull/2980
https://issues.apache.org/jira/browse/AVRO-3985
https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x
https://nvd.nist.gov/vuln/detail/CVE-2024-47561
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
https://www.cve.org/CVERecord?id=CVE-2024-47561
https://www.openwall.com/lists/oss-security/2024/10/03/1
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)