Security Advisories

CGA-8q34-h6rx-rrwj

Published

Last updated

https://images.chainguard.dev/security/CGA-8q34-h6rx-rrwj

Package

wavefront-proxy

Latest Update

Fixed

Fixed Version

13.3-r1

Aliases

CVE-2023-39410
GHSA-rhrv-645h-fjfh

Severity

7.5

High

CVSS V3

Summary

Apache Avro Java SDK vulnerable to Improper Input Validation

Description

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-39410
https://github.com/advisories/GHSA-rhrv-645h-fjfh
https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
https://github.com/apache/avro
https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
https://security.netapp.com/advisory/ntap-20240621-0006
https://www.openwall.com/lists/oss-security/2023/09/29/6
http://www.openwall.com/lists/oss-security/2023/09/29/6

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-8q34-h6rx-rrwj

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources