Arbitrary Code Execution (ACE)

org.apache.parquet, parquet-avro is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to insecure schema parsing in the parquet-avro module and due to improper enforcement of package trust boundaries during deserialization, which allows an attacker to execute arbitrary code by...

Logstash 8.15.3 Security Update (ESA-2024-38)

Logstash affected by CVE-2024-47561 in Apache Avro ESA-2024-38 On October 3, 2024, CVE-2024-47561 was published, which can lead to execution of arbitrary code. The issue only affects users using the Kafka integration plugin and only if a malicious schema is loaded through the schema registry...