Lucene search
+L

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/02 2:0 p.m.8 views

Security Bulletin: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code, which affects IBM watsonx.data

Summary Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to...

8.1CVSS7.5AI score0.01446EPSS
Exploits0Affected Software1
Wolfi
Wolfi
added 2025/06/03 1:45 p.m.20 views

CVE-2025-46762 vulnerabilities

Vulnerabilities for packages: trino...

8.1CVSS6.9AI score0.01446EPSS
Exploits0
Chainguard
Chainguard
added 2025/06/03 1:15 p.m.22 views

CVE-2025-46762 vulnerabilities

Vulnerabilities for packages: trino...

8.1CVSS6.9AI score0.01446EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/05/06 12:30 p.m.7 views

ai.h2o:h2o-hive (>=3.42.0.1 <=3.46.0.11), ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.30.0) +491 more potentially affected by CVE-2025-46762 via org.apache.parquet:parquet-avro (>=1.10.0 <=1.15.1)

org.apache.parquet:parquet-avro MAVEN version =1.10.0, =3.42.0.1, =0.18.5, =0.6.1.2, =0.1.1, =0.3.0, =1.0.0, =1.0.0, =1.2.3, =1.0.0-beta.2, =1.0.0, =1.0.0-beta.4, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-46762 Source advisory: SNYK:JAVA-ORGAPACHEPARQUET-10060156...

8.1CVSS7.1AI score0.01446EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/06 12:16 p.m.24 views

CVE-2025-46762

A flaw was found in the Apache Parquet parquet-avro module. This vulnerability allows potential malicious code execution via malicious schema deserialization when using the "specific" or "reflect" Avro data models to read Parquet files. Simply opening or processing a Parquet file could potentiall...

6.4CVSS6.7AI score0.01446EPSS
Exploits0References4
NVD
NVD
added 2025/05/06 10:15 a.m.28 views

CVE-2025-46762

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

8.1CVSS0.01446EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/06 9:8 a.m.27 views

CVE-2025-46762 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

7.1CVSS0.01446EPSS
Exploits0References1
CVE
CVE
added 2025/05/06 9:8 a.m.234 views

CVE-2025-46762

CVE-2025-46762 affects Apache Parquet, specifically the parquet-avro module (versions 1.15.0 and earlier). The issue is a schema parsing flaw that can allow arbitrary code execution when the client uses the specific or reflect models to read Parquet files; the generic model is not affected. Upgra...

8.1CVSS7.3AI score0.01446EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder