CVE-2024-47561

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47561
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/10/03/1 Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20241011-0003/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*
History

10 Jul 2025, 21:04

Type Values Removed Values Added
First Time Netapp
Netapp active Iq Unified Manager
Netapp brocade San Navigator
Apache avro
Apache
CPE cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*
References () https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x - () https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x - Mailing List, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2024/10/03/1 - () http://www.openwall.com/lists/oss-security/2024/10/03/1 - Mailing List, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20241011-0003/ - () https://security.netapp.com/advisory/ntap-20241011-0003/ - Third Party Advisory

21 Nov 2024, 09:39

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/10/03/1 -
  • () https://security.netapp.com/advisory/ntap-20241011-0003/ -

03 Oct 2024, 19:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3
Summary
  • (es) El análisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten código arbitrario. Se recomienda a los usuarios actualizar a la versión 1.11.4 o 1.12.0, que solucionan este problema.

03 Oct 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-03 11:15

Updated : 2025-07-10 21:04

NVD link : CVE-2024-47561

Mitre link : CVE-2024-47561

CVE.ORG link : CVE-2024-47561

JSON object : View

Products Affected

netapp

  • active_iq_unified_manager
  • brocade_san_navigator

apache

  • avro
CWE
CWE-502

Deserialization of Untrusted Data