High severity7.3NVD Advisory· Published Oct 3, 2024· Updated Jun 17, 2026
CVE-2024-47561
CVE-2024-47561
Description
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.avro:avroMaven | < 1.11.4 | 1.11.4 |
Affected products
175- osv-coords174 versionspkg:apk/chainguard/akhqpkg:apk/chainguard/apache-nifipkg:apk/chainguard/apache-nifi-compatpkg:apk/chainguard/apache-nifi-toolkitpkg:apk/chainguard/celeborn-0.6pkg:apk/chainguard/hadoop-client-modulespkg:apk/chainguard/logstash-8pkg:apk/chainguard/logstash-8-bitnami-compatpkg:apk/chainguard/logstash-8-compatpkg:apk/chainguard/logstash-8-env2yamlpkg:apk/chainguard/logstash-8-iamguarded-compatpkg:apk/chainguard/logstash-8-with-output-opensearchpkg:apk/chainguard/logstash-jre-bcfipspkg:apk/chainguard/logstash-jre-bcfips-compatpkg:apk/chainguard/logstash-jre-bcfips-env2yamlpkg:apk/chainguard/logstash-jre-bcfips-with-output-opensearchpkg:apk/chainguard/tezpkg:apk/chainguard/trinopkg:apk/chainguard/trino-configpkg:apk/chainguard/trino-oci-entrypointpkg:apk/chainguard/trino-plugin-accumulopkg:apk/chainguard/trino-plugin-ai-functionspkg:apk/chainguard/trino-plugin-atoppkg:apk/chainguard/trino-plugin-bigquerypkg:apk/chainguard/trino-plugin-blackholepkg:apk/chainguard/trino-plugin-cassandrapkg:apk/chainguard/trino-plugin-clickhousepkg:apk/chainguard/trino-plugin-delta-lakepkg:apk/chainguard/trino-plugin-druidpkg:apk/chainguard/trino-plugin-duckdbpkg:apk/chainguard/trino-plugin-elasticsearchpkg:apk/chainguard/trino-plugin-example-httppkg:apk/chainguard/trino-plugin-exasolpkg:apk/chainguard/trino-plugin-exchange-filesystempkg:apk/chainguard/trino-plugin-exchange-hdfspkg:apk/chainguard/trino-plugin-fakerpkg:apk/chainguard/trino-plugin-functions-pythonpkg:apk/chainguard/trino-plugin-geospatialpkg:apk/chainguard/trino-plugin-google-sheetspkg:apk/chainguard/trino-plugin-hivepkg:apk/chainguard/trino-plugin-http-event-listenerpkg:apk/chainguard/trino-plugin-http-server-event-listenerpkg:apk/chainguard/trino-plugin-hudipkg:apk/chainguard/trino-plugin-icebergpkg:apk/chainguard/trino-plugin-ignitepkg:apk/chainguard/trino-plugin-jmxpkg:apk/chainguard/trino-plugin-kafkapkg:apk/chainguard/trino-plugin-kafka-event-listenerpkg:apk/chainguard/trino-plugin-kinesispkg:apk/chainguard/trino-plugin-kudupkg:apk/chainguard/trino-plugin-lakehousepkg:apk/chainguard/trino-plugin-ldap-group-providerpkg:apk/chainguard/trino-plugin-local-filepkg:apk/chainguard/trino-plugin-lokipkg:apk/chainguard/trino-plugin-mariadbpkg:apk/chainguard/trino-plugin-memorypkg:apk/chainguard/trino-plugin-mlpkg:apk/chainguard/trino-plugin-mongodbpkg:apk/chainguard/trino-plugin-mysqlpkg:apk/chainguard/trino-plugin-mysql-event-listenerpkg:apk/chainguard/trino-plugin-opapkg:apk/chainguard/trino-plugin-openlineagepkg:apk/chainguard/trino-plugin-opensearchpkg:apk/chainguard/trino-plugin-oraclepkg:apk/chainguard/trino-plugin-password-authenticatorspkg:apk/chainguard/trino-plugin-phoenix5pkg:apk/chainguard/trino-plugin-pinotpkg:apk/chainguard/trino-plugin-postgresqlpkg:apk/chainguard/trino-plugin-prometheuspkg:apk/chainguard/trino-plugin-rangerpkg:apk/chainguard/trino-plugin-raptor-legacypkg:apk/chainguard/trino-plugin-redispkg:apk/chainguard/trino-plugin-redshiftpkg:apk/chainguard/trino-plugin-resource-group-managerspkg:apk/chainguard/trino-plugin-session-property-managerspkg:apk/chainguard/trino-plugin-singlestorepkg:apk/chainguard/trino-plugin-snowflakepkg:apk/chainguard/trino-plugin-spooling-filesystempkg:apk/chainguard/trino-plugin-sqlserverpkg:apk/chainguard/trino-plugin-teradata-functionspkg:apk/chainguard/trino-plugin-thriftpkg:apk/chainguard/trino-plugin-tpcdspkg:apk/chainguard/trino-plugin-tpchpkg:apk/chainguard/trino-plugin-verticapkg:apk/chainguard/wavefront-proxypkg:apk/chainguard/wavefront-proxy-compatpkg:apk/chainguard/wavefront-proxy-configpkg:apk/chainguard/wavefront-proxy-licensespkg:apk/chainguard/wavefront-proxy-oci-entrypointpkg:apk/wolfi/akhqpkg:apk/wolfi/apache-nifipkg:apk/wolfi/apache-nifi-compatpkg:apk/wolfi/apache-nifi-toolkitpkg:apk/wolfi/celeborn-0.6pkg:apk/wolfi/logstash-8pkg:apk/wolfi/logstash-8-bitnami-compatpkg:apk/wolfi/logstash-8-compatpkg:apk/wolfi/logstash-8-env2yamlpkg:apk/wolfi/logstash-8-iamguarded-compatpkg:apk/wolfi/logstash-8-with-output-opensearchpkg:apk/wolfi/tezpkg:apk/wolfi/trinopkg:apk/wolfi/trino-configpkg:apk/wolfi/trino-oci-entrypointpkg:apk/wolfi/trino-plugin-accumulopkg:apk/wolfi/trino-plugin-ai-functionspkg:apk/wolfi/trino-plugin-atoppkg:apk/wolfi/trino-plugin-bigquerypkg:apk/wolfi/trino-plugin-blackholepkg:apk/wolfi/trino-plugin-cassandrapkg:apk/wolfi/trino-plugin-clickhousepkg:apk/wolfi/trino-plugin-delta-lakepkg:apk/wolfi/trino-plugin-druidpkg:apk/wolfi/trino-plugin-duckdbpkg:apk/wolfi/trino-plugin-elasticsearchpkg:apk/wolfi/trino-plugin-example-httppkg:apk/wolfi/trino-plugin-exasolpkg:apk/wolfi/trino-plugin-exchange-filesystempkg:apk/wolfi/trino-plugin-exchange-hdfspkg:apk/wolfi/trino-plugin-fakerpkg:apk/wolfi/trino-plugin-functions-pythonpkg:apk/wolfi/trino-plugin-geospatialpkg:apk/wolfi/trino-plugin-google-sheetspkg:apk/wolfi/trino-plugin-hivepkg:apk/wolfi/trino-plugin-http-event-listenerpkg:apk/wolfi/trino-plugin-http-server-event-listenerpkg:apk/wolfi/trino-plugin-hudipkg:apk/wolfi/trino-plugin-icebergpkg:apk/wolfi/trino-plugin-ignitepkg:apk/wolfi/trino-plugin-jmxpkg:apk/wolfi/trino-plugin-kafkapkg:apk/wolfi/trino-plugin-kafka-event-listenerpkg:apk/wolfi/trino-plugin-kinesispkg:apk/wolfi/trino-plugin-kudupkg:apk/wolfi/trino-plugin-lakehousepkg:apk/wolfi/trino-plugin-ldap-group-providerpkg:apk/wolfi/trino-plugin-local-filepkg:apk/wolfi/trino-plugin-lokipkg:apk/wolfi/trino-plugin-mariadbpkg:apk/wolfi/trino-plugin-memorypkg:apk/wolfi/trino-plugin-mlpkg:apk/wolfi/trino-plugin-mongodbpkg:apk/wolfi/trino-plugin-mysqlpkg:apk/wolfi/trino-plugin-mysql-event-listenerpkg:apk/wolfi/trino-plugin-opapkg:apk/wolfi/trino-plugin-openlineagepkg:apk/wolfi/trino-plugin-opensearchpkg:apk/wolfi/trino-plugin-oraclepkg:apk/wolfi/trino-plugin-password-authenticatorspkg:apk/wolfi/trino-plugin-phoenix5pkg:apk/wolfi/trino-plugin-pinotpkg:apk/wolfi/trino-plugin-postgresqlpkg:apk/wolfi/trino-plugin-prometheuspkg:apk/wolfi/trino-plugin-rangerpkg:apk/wolfi/trino-plugin-raptor-legacypkg:apk/wolfi/trino-plugin-redispkg:apk/wolfi/trino-plugin-redshiftpkg:apk/wolfi/trino-plugin-resource-group-managerspkg:apk/wolfi/trino-plugin-session-property-managerspkg:apk/wolfi/trino-plugin-singlestorepkg:apk/wolfi/trino-plugin-snowflakepkg:apk/wolfi/trino-plugin-spooling-filesystempkg:apk/wolfi/trino-plugin-sqlserverpkg:apk/wolfi/trino-plugin-teradata-functionspkg:apk/wolfi/trino-plugin-thriftpkg:apk/wolfi/trino-plugin-tpcdspkg:apk/wolfi/trino-plugin-tpchpkg:apk/wolfi/trino-plugin-verticapkg:apk/wolfi/wavefront-proxypkg:apk/wolfi/wavefront-proxy-compatpkg:apk/wolfi/wavefront-proxy-configpkg:apk/wolfi/wavefront-proxy-licensespkg:apk/wolfi/wavefront-proxy-oci-entrypointpkg:maven/org.apache.avro/avro
< 0.25.1-r1+ 173 more
- (no CPE)range: < 0.25.1-r1
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 0.6.3-r7
- (no CPE)range: < 3.3.6-r8
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.15.3-r0
- (no CPE)range: < 8.15.3-r0
- (no CPE)range: < 8.15.3-r0
- (no CPE)range: < 8.15.3-r0
- (no CPE)range: < 0.10.4-r8
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 0.25.1-r1
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 2.3.0-r0
- (no CPE)range: < 0.6.3-r7
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 8.17.3-r3
- (no CPE)range: < 0.10.4-r8
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 472-r0
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 13.7-r2
- (no CPE)range: < 1.11.4
- Range: 0
Patches
Vulnerability mechanics
References
13- www.openwall.com/lists/oss-security/2024/10/03/1nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-r7pg-v2c8-mfg3ghsaADVISORY
- lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5xnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-47561ghsaADVISORY
- security.netapp.com/advisory/ntap-20241011-0003/nvdThird Party Advisory
- github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900ghsaWEB
- github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285ghsaWEB
- github.com/apache/avro/pull/2934ghsaWEB
- github.com/apache/avro/pull/2980ghsaWEB
- issues.apache.org/jira/browse/AVRO-3985ghsaWEB
- security.netapp.com/advisory/ntap-20241011-0003ghsaWEB
- thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.htmlghsaWEB
- www.openwall.com/lists/oss-security/2024/10/03/1ghsaWEB
News mentions
0No linked articles in our index yet.