Security Advisories

CGA-jwf5-xmv5-8v4w

Published

Last updated

https://images.chainguard.dev/security/CGA-jwf5-xmv5-8v4w
Package

spark-3.5-scala-2.12

Latest Update
Pending upstream fix
Aliases
  • CVE-2024-47561
  • GHSA-r7pg-v2c8-mfg3

Severity

9.8

Critical

CVSS V3

Summary

Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)

Description

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

References

Updates


© 2024 Chainguard. All Rights Reserved.