Security News > 2024 > October > Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

2024-10-07 09:30
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute
News URL
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- WordPress security plugin WP Ghost vulnerable to remote code execution bug (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)