Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🔐 CVE-2024-47561: org.apache.avro:avro:jar:1.11.3:compile #76

Closed
github-actions bot opened this issue Oct 5, 2024 · 0 comments · Fixed by #78 · May be fixed by #77
Closed

🔐 CVE-2024-47561: org.apache.avro:avro:jar:1.11.3:compile #76

github-actions bot opened this issue Oct 5, 2024 · 0 comments · Fixed by #78 · May be fixed by #77
Assignees
@ckunki
Labels
security

Comments

@github-actions
Copy link

github-actions bot commented Oct 5, 2024

Summary

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

CVE: CVE-2024-47561
CWE: CWE-502

References
@github-actions github-actions bot mentioned this issue Oct 5, 2024
Open
@ckunki ckunki self-assigned this Oct 17, 2024
@ckunki ckunki mentioned this issue Oct 17, 2024
Merged
ckunki added a commit that referenced this issue Oct 17, 2024
@ckunki
#76 fixed vulnerability CVE 2024 47561 in org.apache.avro avro (#78)
133b5bb 
* Updated version to 2.0.11

* Updated dependencies

* Updated changes file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ckunki ckunki

Labels
security
Projects
None yet
Milestone
No milestone
1 participant
@ckunki