CVE-2024-47561

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47561
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47561.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47561
Aliases
Downstream
Related
Published
2024-10-03T11:15:13Z
Modified
2025-07-16T10:45:38.016816Z
Summary
[none]
Details

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

References

Affected packages

Git / github.com/apache/avro

Affected ranges

Type
GIT
Repo
https://github.com/apache/avro
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6f119ef077e3a50382ba13164afecdf84408fc2f

Affected versions

release-1.*

release-1.11.0
release-1.11.0-rc1
release-1.11.0-rc2
release-1.11.1
release-1.11.1-rc1
release-1.11.2
release-1.11.2-rc1
release-1.11.3
release-1.11.3-rc1