Look up vulnerable packages by Package URL.

Purl pkg:pypi/avro@1.6.2
Type pypi
Namespace
Name avro
Version 1.6.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.11.5
Latest_non_vulnerable_version 1.11.5
Affected_by_vulnerabilities
0
url VCID-cfcn-gwwn-ybe8
vulnerability_id VCID-cfcn-gwwn-ybe8
summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.

This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0.

Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.
references
0
reference_url https://github.com/apache/avro
reference_id
reference_type
scores
url https://github.com/apache/avro
1
reference_url https://github.com/apache/avro/commit/84bc7322ca1c04ab4a8e4e708acf1e271541aac4
reference_id
reference_type
scores
url https://github.com/apache/avro/commit/84bc7322ca1c04ab4a8e4e708acf1e271541aac4
2
reference_url https://github.com/apache/avro/pull/3150
reference_id
reference_type
scores
url https://github.com/apache/avro/pull/3150
3
reference_url https://issues.apache.org/jira/browse/AVRO-4053
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/AVRO-4053
4
reference_url https://lists.apache.org/thread/fy88wmgf1lj9479vrpt12cv8x73lroj1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://lists.apache.org/thread/fy88wmgf1lj9479vrpt12cv8x73lroj1
5
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEAVRO-15282783
reference_id
reference_type
scores
url https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEAVRO-15282783
6
reference_url http://www.openwall.com/lists/oss-security/2026/02/12/2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url http://www.openwall.com/lists/oss-security/2026/02/12/2
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-33042
reference_id CVE-2025-33042
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-33042
8
reference_url https://github.com/advisories/GHSA-rp46-r563-jrc7
reference_id GHSA-rp46-r563-jrc7
reference_type
scores
url https://github.com/advisories/GHSA-rp46-r563-jrc7
fixed_packages
0
url pkg:pypi/avro@1.11.5
purl pkg:pypi/avro@1.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/avro@1.11.5
aliases CVE-2025-33042, GHSA-rp46-r563-jrc7, PYSEC-2026-26
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfcn-gwwn-ybe8
1
url VCID-p54a-fes2-x7gu
vulnerability_id VCID-p54a-fes2-x7gu
summary
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
references
0
reference_url https://github.com/apache/avro
reference_id
reference_type
scores
url https://github.com/apache/avro
1
reference_url https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
reference_id
reference_type
scores
url https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml
3
reference_url https://issues.apache.org/jira/browse/AVRO-3819
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/AVRO-3819
4
reference_url https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds
5
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20240621-0006
6
reference_url https://www.openwall.com/lists/oss-security/2023/09/29/6
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2023/09/29/6
7
reference_url http://www.openwall.com/lists/oss-security/2023/09/29/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url http://www.openwall.com/lists/oss-security/2023/09/29/6
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39410
reference_id CVE-2023-39410
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-39410
9
reference_url https://github.com/advisories/GHSA-rhrv-645h-fjfh
reference_id GHSA-rhrv-645h-fjfh
reference_type
scores
url https://github.com/advisories/GHSA-rhrv-645h-fjfh
fixed_packages
0
url pkg:pypi/avro@1.11.3
purl pkg:pypi/avro@1.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cfcn-gwwn-ybe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/avro@1.11.3
aliases CVE-2023-39410, GHSA-rhrv-645h-fjfh, PYSEC-2023-188
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p54a-fes2-x7gu
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/avro@1.6.2
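The result above contains a trap that a naive "take the first fixed version" script falls into: pkg:pypi/avro@1.11.3 is listed as the fix for VCID-p54a-fes2-x7gu, yet it is itself flagged is_vulnerable because VCID-cfcn-gwwn-ybe8 still affects it, which is why next_non_vulnerable_version is 1.11.5 and not 1.11.3. The script below is an added example, not code from VulnerableCode or Apache Avro. It splits a PURL into the same fields the lookup result displays (type, namespace, name, version, qualifiers, subpath), then derives the lowest version that clears every returned advisory. SAMPLE_RESPONSE is a constructed, trimmed copy of this page's data; the lookup endpoint path and the dotted-integer version ordering are assumptions, as marked in the comments.

```python
"""Pick the upgrade that clears every advisory returned for a Package URL.

Added example, not VulnerableCode project code. SAMPLE_RESPONSE is a
constructed, trimmed copy of the lookup result for pkg:pypi/avro@1.6.2.
"""
from typing import Optional
from urllib.parse import unquote

# Assumed endpoint: VulnerableCode's single-PURL lookup (POST, body {"purl": ...}).
LOOKUP_PATH = "/api/packages/lookup"

SAMPLE_RESPONSE = {  # constructed from the lookup result shown on this page
    "purl": "pkg:pypi/avro@1.6.2",
    "is_vulnerable": True,
    "next_non_vulnerable_version": "1.11.5",
    "latest_non_vulnerable_version": "1.11.5",
    "affected_by_vulnerabilities": [
        {
            "vulnerability_id": "VCID-cfcn-gwwn-ybe8",
            "aliases": ["CVE-2025-33042", "GHSA-rp46-r563-jrc7", "PYSEC-2026-26"],
            "fixed_packages": [
                {"purl": "pkg:pypi/avro@1.11.5", "is_vulnerable": False,
                 "affected_by_vulnerabilities": []},
            ],
        },
        {
            "vulnerability_id": "VCID-p54a-fes2-x7gu",
            "aliases": ["CVE-2023-39410", "GHSA-rhrv-645h-fjfh", "PYSEC-2023-188"],
            "fixed_packages": [
                # Fixes this advisory but is still hit by the code-injection one.
                {"purl": "pkg:pypi/avro@1.11.3", "is_vulnerable": True,
                 "affected_by_vulnerabilities": [{"vulnerability": "VCID-cfcn-gwwn-ybe8"}]},
            ],
        },
    ],
}


def parse_purl(purl: str) -> dict:
    """Split a Package URL into the fields the lookup result displays."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a Package URL: {purl!r}")
    rest = purl[len("pkg:"):].lstrip("/")
    rest, _, subpath = rest.partition("#")
    rest, _, query = rest.partition("?")
    # The version is whatever follows the last '@' in the final path segment.
    head, sep, tail = rest.rpartition("@")
    version = ""
    if sep and "/" not in tail:
        rest, version = head, tail
    parts = rest.split("/")
    qualifiers = {}
    for kv in filter(None, query.split("&")):
        key, _, value = kv.partition("=")
        qualifiers[key.lower()] = unquote(value)
    return {
        "type": parts[0].lower(),
        "namespace": "/".join(unquote(p) for p in parts[1:-1]),
        "name": unquote(parts[-1]),
        "version": unquote(version),
        "qualifiers": qualifiers,
        "subpath": unquote(subpath).strip("/"),
    }


def version_key(version: str) -> tuple:
    """Ordering for dotted-integer versions (assumption; use packaging for PEP 440)."""
    return tuple(int(p) for p in version.split("."))


def rejected_fixes(response: dict) -> dict:
    """Map each advertised fix version to the advisories that still affect it."""
    still_hit = {}
    for vuln in response["affected_by_vulnerabilities"]:
        for fixed in vuln["fixed_packages"]:
            if fixed["is_vulnerable"]:
                ver = parse_purl(fixed["purl"])["version"]
                still_hit.setdefault(ver, set()).update(
                    a["vulnerability"] for a in fixed["affected_by_vulnerabilities"])
    return {ver: sorted(ids) for ver, ids in still_hit.items()}


def first_safe_version(response: dict) -> Optional[str]:
    """Lowest fix version that the service does not flag as vulnerable to anything."""
    safe = {parse_purl(f["purl"])["version"]
            for vuln in response["affected_by_vulnerabilities"]
            for f in vuln["fixed_packages"] if not f["is_vulnerable"]}
    return min(safe, key=version_key) if safe else None


def lookup_request(base_url: str, purl: str) -> tuple:
    """URL and JSON body for a single-PURL lookup; validates the PURL first."""
    parse_purl(purl)  # reject malformed input before it reaches the network
    return base_url.rstrip("/") + LOOKUP_PATH, {"purl": purl}


if __name__ == "__main__":
    print(parse_purl(SAMPLE_RESPONSE["purl"]))
    print("still vulnerable fixes:", rejected_fixes(SAMPLE_RESPONSE))
    print("upgrade to:", first_safe_version(SAMPLE_RESPONSE))
```

Run against a live response, the same two functions tell you both the version to pin and the advisory that rules out the tempting intermediate one; checking first_safe_version against the service's own next_non_vulnerable_version field is a cheap sanity test that the parsed response is complete.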