.avif)
View all vulnerabilities
CVE-2024-47561
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Description
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
9.8
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
org.apache.avro:avro < 1.11.4
Severity
Critical
Critical
Critical
Ecosystem
Java
Publish Date
October 3, 2024
Modified Date
July 10, 2025