CGA-6pm4-w9vr-cj5w

Published

Last updated

https://images.chainguard.dev/security/CGA-6pm4-w9vr-cj5w

Package

wavefront-proxy

Latest Update

Fixed

Fixed Version

13.7-r2

Aliases

Severity

9.8

Critical

CVSS V3

Summary

Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)

Description

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-6pm4-w9vr-cj5w

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources