VulnerableCode Package Details - pkg:maven/org.apache.avro/avro@1.11.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-agjx-5whj-dyac Aliases: CVE-2024-47561 GHSA-r7pg-v2c8-mfg3	Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.	1.11.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-agjx-5whj-dyac
Aliases:
CVE-2024-47561
GHSA-r7pg-v2c8-mfg3

Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

1.11.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6yqn-2w2d-3yd3	When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.	CVE-2023-39410 GHSA-rhrv-645h-fjfh PYSEC-2023-188

Vulnerability

Summary

Aliases

VCID-6yqn-2w2d-3yd3

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

CVE-2023-39410
GHSA-rhrv-645h-fjfh
PYSEC-2023-188

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:10:07.253689+00:00	GitLab Importer	Affected by	VCID-agjx-5whj-dyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2024-47561.yml	38.4.0
2026-04-16T22:39:45.739855+00:00	GitLab Importer	Fixing	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2023-39410.yml	38.4.0
2026-04-12T00:28:23.316740+00:00	GitLab Importer	Affected by	VCID-agjx-5whj-dyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2024-47561.yml	38.3.0
2026-04-11T23:59:12.084557+00:00	GitLab Importer	Fixing	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2023-39410.yml	38.3.0
2026-04-03T00:36:08.062354+00:00	GitLab Importer	Affected by	VCID-agjx-5whj-dyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2024-47561.yml	38.1.0
2026-04-03T00:02:16.698477+00:00	GitLab Importer	Fixing	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2023-39410.yml	38.1.0
2026-04-02T17:00:21.380601+00:00	GHSA Importer	Fixing	VCID-6yqn-2w2d-3yd3	https://github.com/advisories/GHSA-rhrv-645h-fjfh	38.1.0
2026-04-01T12:57:48.705892+00:00	GithubOSV Importer	Fixing	VCID-6yqn-2w2d-3yd3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-rhrv-645h-fjfh/GHSA-rhrv-645h-fjfh.json	38.0.0
2026-04-01T12:51:53.138979+00:00	GitLab Importer	Fixing	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2023-39410.yml	38.0.0