8 matches found
Security Bulletin: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code, which affects IBM watsonx.data
Summary Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to...
CVE-2025-46762 vulnerabilities
Vulnerabilities for packages: trino...
CVE-2025-46762 vulnerabilities
Vulnerabilities for packages: trino...
ai.h2o:h2o-hive (>=3.42.0.1 <=3.46.0.11), ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.30.0) +491 more potentially affected by CVE-2025-46762 via org.apache.parquet:parquet-avro (>=1.10.0 <=1.15.1)
org.apache.parquet:parquet-avro MAVEN version =1.10.0, =3.42.0.1, =0.18.5, =0.6.1.2, =0.1.1, =0.3.0, =1.0.0, =1.0.0, =1.2.3, =1.0.0-beta.2, =1.0.0, =1.0.0-beta.4, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-46762 Source advisory: SNYK:JAVA-ORGAPACHEPARQUET-10060156...
CVE-2025-46762
A flaw was found in the Apache Parquet parquet-avro module. This vulnerability allows potential malicious code execution via malicious schema deserialization when using the "specific" or "reflect" Avro data models to read Parquet files. Simply opening or processing a Parquet file could potentiall...
CVE-2025-46762
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...
CVE-2025-46762 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...
CVE-2025-46762
CVE-2025-46762 affects Apache Parquet, specifically the parquet-avro module (versions 1.15.0 and earlier). The issue is a schema parsing flaw that can allow arbitrary code execution when the client uses the specific or reflect models to read Parquet files; the generic model is not affected. Upgra...