CVE-2024-47561: Critical Flaw in Apache Avro Java SDK Allows Arbitrary Code Execution
A critical vulnerability, tracked as CVE-2024-47561, has been disclosed in the Java SDK of Apache Avro. It affects version 1.11.3 and all earlier releases of the Java SDK. Apache Avro is a data serialization system widely used in data processing pipelines, and its Java SDK is frequently pulled in transitively by other projects rather than declared directly.

The flaw lies in the SDK's schema parsing. An attacker who can get the SDK to parse a schema under their control, whether supplied directly as schema JSON or embedded in the header of a crafted Avro data file (container files carry their writer schema in the file header), can execute arbitrary code in the process doing the parsing. Depending on what that process is, the outcome can range from full system compromise to data theft or denial of service. In practice this means any service that accepts Avro files or schemas from untrusted parties is exposed.

The issue is fixed in Java SDK versions 1.11.4 and 1.12.0, and users are advised to upgrade immediately. Because Avro is so often an indirect dependency, the check should be made against the resolved dependency tree of each build, not only against the versions a project declares itself. The flaw was discovered and responsibly disclosed by Kostya Kortchinsky of the Databricks Security Team.

CVEs: CVE-2024-47561 [View Article](https://securityonline.info/cve-2024-47561-critical-flaw-in-apache-avro-java-sdk-allows-arbitrary-code-execution/)
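The following is an added example, not code from the original article or from the Apache Avro project. It is a small audit script that scans build output for the `org.apache.avro:avro` artifact and classifies each version found against the affected range stated in the advisory (anything below 1.11.4 is affected; 1.11.4 and 1.12.0 carry the fix). It understands `mvn dependency:tree` lines, Gradle-style coordinates and `pom.xml` dependency blocks; the sample inputs at the bottom are constructed for illustration. Versions that cannot be resolved to a plain number (Maven property placeholders, snapshots and release candidates) are reported as unresolved rather than silently treated as fixed.

```python
import re
from typing import List, Tuple

# First release carrying the fix for CVE-2024-47561 on the 1.11 line.
# 1.12.0 sorts above it, so a plain "less than" comparison covers both fixed versions.
FIXED_VERSION = (1, 11, 4)

# Matches Maven dependency:tree output ("org.apache.avro:avro:jar:1.11.3:compile")
# and Gradle coordinates ("org.apache.avro:avro:1.11.3"). It deliberately does not
# match sibling artifacts such as org.apache.avro:avro-mapred.
COORD_RE = re.compile(r"org\.apache\.avro:avro(?::jar)?:(\d+(?:\.\d+)*(?:-[\w.]+)?)")

# Matches a pom.xml <dependency> block for the avro artifact and captures its <version>.
POM_RE = re.compile(
    r"<groupId>\s*org\.apache\.avro\s*</groupId>\s*"
    r"<artifactId>\s*avro\s*</artifactId>\s*"
    r"<version>\s*([^<\s]+)\s*</version>",
    re.S,
)


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unresolved' for an avro artifact version string."""
    core, _, qualifier = version.partition("-")
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        # e.g. a Maven property such as ${avro.version}; resolve it before trusting a verdict
        return "unresolved"
    if qualifier:
        # SNAPSHOT / rc builds: do not assume a pre-release contains the fix
        return "unresolved"
    nums = tuple(int(p) for p in parts) + (0,) * (3 - len(parts))
    return "vulnerable" if nums[:3] < FIXED_VERSION else "fixed"


def find_avro_versions(text: str) -> List[str]:
    """Collect every org.apache.avro:avro version mentioned in build output or a pom fragment."""
    return COORD_RE.findall(text) + POM_RE.findall(text)


def audit(text: str) -> List[Tuple[str, str]]:
    """Pair each version found with its classification."""
    return [(v, classify(v)) for v in find_avro_versions(text)]


# Constructed sample inputs (not real project output).
SAMPLE_TREE = """\
[INFO] +- org.apache.avro:avro:jar:1.11.3:compile
[INFO] |  \\- org.apache.avro:avro-mapred:jar:1.11.3:compile
[INFO] +- org.apache.kafka:kafka-clients:jar:3.6.0:compile
"""

SAMPLE_POM = """\
<dependency>
  <groupId>org.apache.avro</groupId>
  <artifactId>avro</artifactId>
  <version>1.12.0</version>
</dependency>
"""

if __name__ == "__main__":
    for label, text in (("dependency:tree", SAMPLE_TREE), ("pom.xml", SAMPLE_POM)):
        for version, verdict in audit(text):
            print(f"{label}: org.apache.avro:avro {version} -> {verdict}")
```

Run it against the real output of `mvn dependency:tree` or `gradle dependencies` for each module in a build; a single `vulnerable` line anywhere in the resolved tree means the fix is not in place, regardless of what the top-level build file declares.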