Back to all
CVE

CVE-2024-47561

Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.

Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

Endor Patches

Patch Name
Vulnerabilities fixed
Lines of Code Changed
com.thoughtworks.xstream:xstream
com.thoughtworks.xstream:xstream
com.thoughtworks.xstream:xstream