Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x | Mailing List Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/10/03/1 | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20241011-0003/ | Third Party Advisory |
History
10 Jul 2025, 21:04
Type | Values Removed | Values Added |
---|---|---|
First Time | Apache avro, Apache, Netapp active Iq Unified Manager, Netapp, Netapp brocade San Navigator | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:* cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* | |
References | https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x - Mailing List, Vendor Advisory | |
References | http://www.openwall.com/lists/oss-security/2024/10/03/1 - Mailing List, Third Party Advisory | |
References | https://security.netapp.com/advisory/ntap-20241011-0003/ - Third Party Advisory | |
Information
Published : 2024-10-03 11:15
Updated : 2025-07-10 21:04
NVD link : CVE-2024-47561
Mitre link : CVE-2024-47561
CVE.ORG link : CVE-2024-47561
Products Affected
netapp
- brocade_san_navigator
- active_iq_unified_manager
apache
- avro
CWE
CWE-502
Deserialization of Untrusted Data