{"uuid": "a092b566-c1ee-4a47-80e7-af082c77587a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/1828", "content": "#news\n\nhttps://github.com/advisories/GHSA-r7pg-v2c8-mfg3\nA critical vulnerability, CVE-2024-47561, has been identified in the Apache Avro Java SDK, affecting all versions up to and including 1.11.3. This vulnerability allows an attacker to execute arbitrary code on systems parsing Avro data via a specially crafted schema. The root of the issue lies in the deserialization of untrusted data, a common flaw that can lead to remote code execution (RCE). This flaw could be exploited if an application processes malicious Avro schemas, potentially compromising the system entirely.\n\nThe vulnerability was discovered by Kostya Kortchinsky from the Databricks Security Team. Exploits could be launched through frameworks like Kafka or other data pipeline technologies relying on Avro schemas. Although no public proof-of-concept (PoC) has been released yet, this vulnerability poses a serious threat, especially to systems that allow users to upload or provide their own Avro schemas for parsing.\n\nMitigation steps include upgrading to version 1.11.4 or later, which patches the vulnerability, as well as employing schema sanitization and avoiding user-provided schemas wherever possible. It's essential that organizations prioritize patching to avoid security risks.", "creation_timestamp": "2024-10-08T16:18:58.000000Z"}