Security News > 2024 > October > Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
2024-10-07 09:30
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4. "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute
News URL
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
Related news
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)