Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XApache Avro
APPApache< 1.11.4Netapp Active Iq Unified Manager
APPNetappwszystkie wersjeNetapp Brocade San Navigator
APPNetappwszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDeserialization
CWE
Related vulnerabilities
CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
CVE-2024-52533CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4
CVE-2023-38545CRITICAL9.8ten sam produkt
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass a...
CVE-2021-32292CRITICAL9.8ten sam produkt
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buf...
CVE-2023-23914CRITICAL9.1ten sam produkt
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS ...