View all vulnerabilities

CVE-2024-47561

Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
9.8
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
org.apache.avro:avro < 1.11.4
Severity
Ecosystem
Publish Date
October 3, 2024
Modified Date
July 10, 2025