VulnerableCode Package Details - pkg:maven/org.apache.avro/avro@1.6.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-6yqn-2w2d-3yd3 Aliases: CVE-2023-39410 GHSA-rhrv-645h-fjfh PYSEC-2023-188	When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.	1.11.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-agjx-5whj-dyac Aliases: CVE-2024-47561 GHSA-r7pg-v2c8-mfg3	Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.	1.11.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6yqn-2w2d-3yd3
Aliases:
CVE-2023-39410
GHSA-rhrv-645h-fjfh
PYSEC-2023-188

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

1.11.3
Affected by 1 other vulnerability.

VCID-agjx-5whj-dyac
Aliases:
CVE-2024-47561
GHSA-r7pg-v2c8-mfg3

Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.

1.11.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:10:07.176528+00:00	GitLab Importer	Affected by	VCID-agjx-5whj-dyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2024-47561.yml	38.4.0
2026-04-16T22:39:45.658157+00:00	GitLab Importer	Affected by	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2023-39410.yml	38.4.0
2026-04-12T00:28:23.225295+00:00	GitLab Importer	Affected by	VCID-agjx-5whj-dyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2024-47561.yml	38.3.0
2026-04-11T23:59:12.005249+00:00	GitLab Importer	Affected by	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2023-39410.yml	38.3.0
2026-04-03T00:36:07.978632+00:00	GitLab Importer	Affected by	VCID-agjx-5whj-dyac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2024-47561.yml	38.1.0
2026-04-03T00:02:16.594811+00:00	GitLab Importer	Affected by	VCID-6yqn-2w2d-3yd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.avro/avro/CVE-2023-39410.yml	38.1.0