7 matches found
acryl-datahub (>=0.8.24.2 <=0.11.0rc1), acryl-datahub-actions (>=0.0.1 <=0.0.8) +37 more potentially affected by CVE-2025-33042 via avro (>=1.10.0 <=1.11.3)
avro PYPI version =1.10.0, =0.8.24.2, =0.0.1, =0.9.2.2, =0.0.1, =1.0.0b4, =0.9.15, =0.0.2, =0.2.78, =0.15.8, =0.9.8, =0.1.0, =0.1.0, =0.3.0, =0.6.0 and more Source cves: CVE-2025-33042 Source advisory: OSV:PYSEC-2026-26...
Arbitrary Code Execution (ACE)
org.apache.parquet:parquet-avro is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insecure schema parsing in the parquet-avro module and improper enforcement of package trust boundaries during deserialization, which allows an attacker to execute arbitrary code by...
ai.h2o:h2o-hive (>=3.42.0.1 <=3.46.0.10), ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.28.0) +477 more potentially affected by CVE-2025-46762 via org.apache.parquet:parquet-avro (>=1.10.0 <=1.15.1)
org.apache.parquet:parquet-avro MAVEN version =1.10.0, =3.42.0.1, =0.18.5, =0.6.1.2, =0.1.1, =0.3.0, =1.0.0, =1.0.0, =1.2.3, =1.0.0, =1.0.0, =1.0.0-beta.4, =0.3.0, =0.3.0, =0.1.0, =1.1.8 and more Source cves: CVE-2025-46762 Source advisory: OSV:GHSA-53WX-PR6Q-M3J5...
Logstash 8.15.3 Security Update (ESA-2024-38)
Logstash affected by CVE-2024-47561 in Apache Avro (ESA-2024-38). On October 3, 2024, CVE-2024-47561 was published, which can lead to execution of arbitrary code. The issue only affects users using the Kafka integration plugin and only if a malicious schema is loaded through the schema registry...
ai.chronon:aggregator_2.13 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:api_2.13 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4353 more potentially affected by CVE-2024-47561 via org.apache.avro:avro (>=1.10.0 <=1.11.3)
org.apache.avro:avro MAVEN version =1.10.0, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.20.0, =0.22.0, =0.0.14, =0.0.14, =3.36.1.1, =3.42.0.1, =3.36.0.3-1-3.2, =0.18.5, =0.0.4, =0.0.1, =0.1.7 - ai.tripl:arc-debezium-pipeline-plugin2.12 =1.5.0 and more Source cves: CVE-2024-47561 Source advisory:...
ai.chronon:aggregator_2.13 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:api_2.13 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +3807 more potentially affected by CVE-2023-39410 via org.apache.avro:avro (>=1.10.0 <=1.11.2)
org.apache.avro:avro MAVEN version =1.10.0, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.20.0, =0.22.0, =0.0.14, =0.0.14, =3.36.1.1, =3.42.0.1, =3.36.0.3-1-3.2, =0.18.5, =0.0.4, =0.0.1, =0.1.7 - ai.tripl:arc-debezium-pipeline-plugin2.12 =1.5.0 and more Source cves: CVE-2023-39410 Source advisory:...
acryl-datahub (>=0.8.24.2 <=0.11.0rc1), acryl-datahub-actions (>=0.0.1 <=0.0.8) +29 more potentially affected by CVE-2023-39410 via avro (>=1.10.0 <=1.11.2)
avro PYPI version =1.10.0, =0.8.24.2, =0.0.1, =0.9.2.2, =0.0.1, =1.0.0b4, =0.9.15, =0.0.2, =0.2.78, =0.15.8, =0.1.0, =0.1.0, =0.3.0, =0.5.0rc1, =0.1.0, =1.1.1 and more Source cves: CVE-2023-39410 Source advisory: OSV:PYSEC-2023-188...