{"vulnerability": "CVE-2024-47561", "sightings": [{"uuid": "7b4a2a33-c50e-4b7c-9b89-5ec6c4e61433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/ton618cyber/1766", "content": "Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications\n\nUrgent patch advised for Apache Avro Java SDK flaw (CVE-2024-47561) that allows code execution.\n\nthehackernews.com \u2022 Oct 7, 2024", "creation_timestamp": "2024-10-08T15:45:01.000000Z"}, {"uuid": "7eaa0b7a-1883-42bb-90a1-8b2676a105fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/cvedetector/6892", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47561 - Apache Avro Java SDK Arbitrary Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47561 \nPublished : Oct. 3, 2024, 11:15 a.m. | 42\u00a0minutes ago \nDescription : Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.  \nUsers are recommended to upgrade to version 1.11.4\u00a0 or 1.12.0, which fix this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T14:06:25.000000Z"}, {"uuid": "a092b566-c1ee-4a47-80e7-af082c77587a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/1828", "content": "#news\n\nhttps://github.com/advisories/GHSA-r7pg-v2c8-mfg3\nA critical vulnerability, CVE-2024-47561, has been identified in the Apache Avro Java SDK, affecting all versions up to and including 1.11.3. This vulnerability allows an attacker to execute arbitrary code on systems parsing Avro data via a specially crafted schema. The root of the issue lies in the deserialization of untrusted data, a common flaw that can lead to remote code execution (RCE). This flaw could be exploited if an application processes malicious Avro schemas, potentially compromising the system entirely.\n\nThe vulnerability was discovered by Kostya Kortchinsky from the Databricks Security Team. Exploits could be launched through frameworks like Kafka or other data pipeline technologies relying on Avro schemas. Although no public proof-of-concept (PoC) has been released yet, this vulnerability poses a serious threat, especially to systems that allow users to upload or provide their own Avro schemas for parsing.\n\nMitigation steps include upgrading to version 1.11.4 or later, which patches the vulnerability, as well as employing schema sanitization and avoiding user-provided schemas wherever possible. It's essential that organizations prioritize patching to avoid security risks", "creation_timestamp": "2024-10-08T16:18:58.000000Z"}, {"uuid": "206ebd7a-cc87-4518-a81c-938363fef888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "Telegram/skEHCfJ_x5c-yP0mkJ7VZM_AJhkEuRmn3wUzz8p1zomZBA", "content": "", "creation_timestamp": "2024-10-07T18:07:34.000000Z"}, {"uuid": "e5b13613-59e4-4254-bd8d-b68441779780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/15215", "content": "\u200aCVE-2024-47561: Critical Flaw in Apache Avro Java SDK Allows Arbitrary Code Execution\n\nhttps://securityonline.info/cve-2024-47561-critical-flaw-in-apache-avro-java-sdk-allows-arbitrary-code-execution/", "creation_timestamp": "2024-10-05T17:00:36.000000Z"}, {"uuid": "685684ea-0ca1-419e-a833-0dd027459e24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/23093", "content": "The Hacker News\nCritical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications\n\nA critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances.\nThe flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4.\n\"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute", "creation_timestamp": "2024-10-07T18:07:18.000000Z"}, {"uuid": "304c0e18-829d-448b-ab05-a5f91b78da69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/InfoSecInsider/23996", "content": "\u26a1\ufe0fCVE-2024-47561: Critical Flaw in Apache Avro Java SDK Allows Arbitrary Code Execution.\n\n#CyberBulletin", "creation_timestamp": "2024-10-04T14:16:16.000000Z"}, {"uuid": "de866fc5-45c9-4553-9b7f-9b629fd21863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/CyberBulletin/25919", "content": "\u26a1\ufe0fCVE-2024-47561: Critical Flaw in Apache Avro Java SDK Allows Arbitrary Code Execution.\n\n#CyberBulletin", "creation_timestamp": "2024-10-04T14:13:07.000000Z"}, {"uuid": "3297ffa1-2bde-409c-a0cc-134555994dea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/InfoSecInsider/438", "content": "\u26a1\ufe0fCVE-2024-47561: Critical Flaw in Apache Avro Java SDK Allows Arbitrary Code Execution.\n\n#CyberBulletin", "creation_timestamp": "2024-10-04T14:16:23.000000Z"}, {"uuid": "6a80b394-6bb2-4637-b98a-3850a956708b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/ton618cyber/5297", "content": "#news\n\nhttps://github.com/advisories/GHSA-r7pg-v2c8-mfg3\nA critical vulnerability, CVE-2024-47561, has been identified in the Apache Avro Java SDK, affecting all versions up to and including 1.11.3. This vulnerability allows an attacker to execute arbitrary code on systems parsing Avro data via a specially crafted schema. The root of the issue lies in the deserialization of untrusted data, a common flaw that can lead to remote code execution (RCE). This flaw could be exploited if an application processes malicious Avro schemas, potentially compromising the system entirely.\n\nThe vulnerability was discovered by Kostya Kortchinsky from the Databricks Security Team. Exploits could be launched through frameworks like Kafka or other data pipeline technologies relying on Avro schemas. Although no public proof-of-concept (PoC) has been released yet, this vulnerability poses a serious threat, especially to systems that allow users to upload or provide their own Avro schemas for parsing.\n\nMitigation steps include upgrading to version 1.11.4 or later, which patches the vulnerability, as well as employing schema sanitization and avoiding user-provided schemas wherever possible. It's essential that organizations prioritize patching to avoid security risks", "creation_timestamp": "2024-10-08T16:18:57.000000Z"}, {"uuid": "e334b34f-e503-4c52-b3c6-24b140e298bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/ton618cyber/5228", "content": "Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications\n\nUrgent patch advised for Apache Avro Java SDK flaw (CVE-2024-47561) that allows code execution.\n\nthehackernews.com \u2022 Oct 7, 2024", "creation_timestamp": "2024-10-08T15:44:59.000000Z"}, {"uuid": "ab227ce0-f82d-4ad7-9da8-aa9e11bf0a34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "published-proof-of-concept", "source": "https://t.me/leaksmain/291", "content": "#news\n\nhttps://github.com/advisories/GHSA-r7pg-v2c8-mfg3\nA critical vulnerability, CVE-2024-47561, has been identified in the Apache Avro Java SDK, affecting all versions up to and including 1.11.3. This vulnerability allows an attacker to execute arbitrary code on systems parsing Avro data via a specially crafted schema. The root of the issue lies in the deserialization of untrusted data, a common flaw that can lead to remote code execution (RCE). This flaw could be exploited if an application processes malicious Avro schemas, potentially compromising the system entirely.\n\nThe vulnerability was discovered by Kostya Kortchinsky from the Databricks Security Team. Exploits could be launched through frameworks like Kafka or other data pipeline technologies relying on Avro schemas. Although no public proof-of-concept (PoC) has been released yet, this vulnerability poses a serious threat, especially to systems that allow users to upload or provide their own Avro schemas for parsing.\n\nMitigation steps include upgrading to version 1.11.4 or later, which patches the vulnerability, as well as employing schema sanitization and avoiding user-provided schemas wherever possible. It's essential that organizations prioritize patching to avoid security risks", "creation_timestamp": "2024-10-08T01:05:26.000000Z"}, {"uuid": "8a386509-78bc-4113-bd3b-f5d7061c802c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/nodejsleaks/1031", "content": "#news\n\nhttps://github.com/advisories/GHSA-r7pg-v2c8-mfg3\nA critical vulnerability, CVE-2024-47561, has been identified in the Apache Avro Java SDK, affecting all versions up to and including 1.11.3. This vulnerability allows an attacker to execute arbitrary code on systems parsing Avro data via a specially crafted schema. The root of the issue lies in the deserialization of untrusted data, a common flaw that can lead to remote code execution (RCE). This flaw could be exploited if an application processes malicious Avro schemas, potentially compromising the system entirely.\n\nThe vulnerability was discovered by Kostya Kortchinsky from the Databricks Security Team. Exploits could be launched through frameworks like Kafka or other data pipeline technologies relying on Avro schemas. Although no public proof-of-concept (PoC) has been released yet, this vulnerability poses a serious threat, especially to systems that allow users to upload or provide their own Avro schemas for parsing.\n\nMitigation steps include upgrading to version 1.11.4 or later, which patches the vulnerability, as well as employing schema sanitization and avoiding user-provided schemas wherever possible. It's essential that organizations prioritize patching to avoid security risks", "creation_timestamp": "2024-10-08T01:05:19.000000Z"}, {"uuid": "de54b03a-0d01-44c9-a583-70f7e7639c45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/5003", "content": "The Hacker News\nCritical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications\n\nA critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances.\nThe flaw, tracked as CVE-2024-47561, impacts all versions of the software prior to 1.11.4.\n\"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute", "creation_timestamp": "2024-10-07T18:07:18.000000Z"}, {"uuid": "28452f01-ae56-45d3-b78d-230490d2014d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113869714895593544", "content": "", "creation_timestamp": "2025-01-22T02:46:01.199945Z"}, {"uuid": "096aca50-e9db-423a-a189-713ef612b76b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/CyberBulletin/1024", "content": "\u26a1\ufe0fCVE-2024-47561: Critical Flaw in Apache Avro Java SDK Allows Arbitrary Code Execution.\n\n#CyberBulletin", "creation_timestamp": "2024-10-04T14:13:07.000000Z"}, {"uuid": "e7a1a846-b6b6-431f-8810-9f24f9fcaaa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47561", "type": "seen", "source": "https://t.me/thehackernews/5694", "content": "A critical security flaw in Apache Avro SDK (CVE-2024-47561) threatens large-scale data processing systems.  \n \nEnsure your systems are patched to avoid arbitrary code execution risks. \n \nDetails here: https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html", "creation_timestamp": "2024-10-07T11:45:20.000000Z"}]}