CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-47561

CVSS 9.2v4.0pub. 2024-10-03upd. 2025-07-10

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Apache Avro

    APP
    Apache
    < 1.11.4
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Brocade San Navigator

    APP
    Netapp
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2024-52533CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4

CVE-2023-38545CRITICAL9.8ten sam produkt

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass a...

CVE-2021-32292CRITICAL9.8ten sam produkt

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buf...

CVE-2023-23914CRITICAL9.1ten sam produkt

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS ...