Lucene search
K

4 matches found

OSV
OSV
added 2025/05/06 12:30 p.m.5 views

GHSA-53WX-PR6Q-M3J5 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

7.1CVSS7.4AI score0.01446EPSS
Exploits0References5
Snyk
Snyk
added 2025/05/06 12:30 p.m.5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path during schema parsing. Although loading untrusted classes is no longer vulnerable via this vector as of version 1.15.1, by default an attacker who can control a trusted class can execute arbitrary...

8.1CVSS7.7AI score0.01446EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 10:15 a.m.4 views

CVE-2025-46762

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

8.1CVSS6.1AI score0.01446EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/05/06 10:15 a.m.2 views

CVE-2025-46762

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

8.1CVSS6.1AI score0.01446EPSS
Exploits0References2
Rows per page
Query Builder