Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Avro | Apache | * | 1.11.4 (excluding) |
Red Hat build of Apache Camel 4.4.3 for Spring Boot | RedHat | org.apache.avro/avro | * |
Red Hat build of Apache Camel 4 for Quarkus 3 | RedHat | org.apache.avro/avro | * |
Red Hat build of Apicurio Registry 2.6.5 GA | RedHat | org.apache.avro/avro | * |
Red Hat build of Quarkus 3.2 | RedHat | org.apache.avro/avro | * |
Red Hat build of Quarkus 3.8 | RedHat | org.apache.avro/avro | * |
Red Hat JBoss Enterprise Application Platform 7 | RedHat | avro | * |
Red Hat JBoss Enterprise Application Platform 7 | RedHat | * | |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-apache-cxf-0:3.1.16-3.SP1_redhat_00001.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-avro-0:1.7.6-2.redhat_00003.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-h2database-0:1.4.197-2.redhat_00005.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-jackson-databind-0:2.8.11.6-1.SP1_redhat_00001.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-jboss-xnio-base-0:3.5.10-1.Final_redhat_00001.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-wildfly-0:7.1.8-2.GA_redhat_00002.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | RedHat | eap7-xalan-j2-0:2.7.1-26.redhat_00015.1.ep7.el7 | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-apache-cxf-0:3.4.10-1.SP1_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-avro-0:1.7.6-8.redhat_00003.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-h2database-0:1.4.197-3.redhat_00004.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jboss-annotations-api_1.3_spec-0:2.0.1-4.Final_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jboss-marshalling-0:2.0.15-1.Final_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jboss-server-migration-0:1.7.2-12.Final_redhat_00013.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-jboss-xnio-base-0:3.7.13-1.Final_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-log4j-jboss-logmanager-0:1.2.2-2.Final_redhat_00002.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-wildfly-0:7.3.11-4.GA_redhat_00002.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-wss4j-0:2.3.3-2.redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-xalan-j2-0:2.7.1-38.redhat_00015.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | RedHat | eap7-xml-security-0:2.2.3-2.redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-avro-0:1.11.4-1.redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-avro-0:1.11.4-1.redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-avro-0:1.11.4-1.redhat_00001.1.el7eap | * |
RHINT Camel-K 1.10.8 | RedHat | org.apache.avro/avro | * |