CVE-2024-47561

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47561

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

S

chema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

References
Link Resource
https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/10/03/1 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20241011-0003/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*
History

10 Jul 2025, 21:04

Type Values Removed Values Added
First Time Apache avro
Netapp brocade San Navigator
Apache
Netapp active Iq Unified Manager
Netapp
References () https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x - () https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x - Mailing List, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2024/10/03/1 - () http://www.openwall.com/lists/oss-security/2024/10/03/1 - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20241011-0003/ - () https://security.netapp.com/advisory/ntap-20241011-0003/ - Third Party Advisory
CPE cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*

21 Nov 2024, 09:39

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/10/03/1 -
  • () https://security.netapp.com/advisory/ntap-20241011-0003/ -

03 Oct 2024, 19:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3
Summary
  • (es) El análisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten código arbitrario. Se recomienda a los usuarios actualizar a la versión 1.11.4 o 1.12.0, que solucionan este problema.

03 Oct 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-03 11:15

Updated : 2025-07-10 21:04

NVD link : CVE-2024-47561

Mitre link : CVE-2024-47561

CVE.ORG link : CVE-2024-47561

JSON object : View

Products Affected

netapp

apache

CWE
CWE-502

Deserialization of Untrusted Data