CVE-2024-47561

Name: CVE-2024-47561
Description: Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
NVD Severity: unknown

References

| Type | URI |
| --- | --- |
| vendor-advisory | https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x |
| Mailing List | http://www.openwall.com/lists/oss-security/2024/10/03/1 |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20241011-0003/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | apache-avro-java-sdk | >= 0 | < 1.11.4 |
| cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:* | avro | >= None | < 1.11.4 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| avro | edge-community | 1.11.3-r2 | nu <llnu@protonmail.ch> | possibly vulnerable |
| avro | edge-community | 1.11.3-r1 | nu <llnu@protonmail.ch> | possibly vulnerable |
| avro | 3.22-community | 1.11.3-r1 | nu <llnu@protonmail.ch> | possibly vulnerable |