CVE-2024-47561

HIGH

Apache Avro <1.11.4-1.12.0 - RCE

Title source: llm

Description

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

Scores

CVSS v3 7.3
EPSS 0.0075
EPSS Percentile 72.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-502
Status published

Affected Products (6)

apache/avro < 1.11.4
netapp/active_iq_unified_manager
netapp/active_iq_unified_manager
netapp/active_iq_unified_manager
netapp/brocade_san_navigator
org.apache.avro/avro < 1.11.4 (Maven)

Timeline

Published Oct 03, 2024
Tracked Since Feb 18, 2026