Описание
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.
Отчет
CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio. Please see https://developers.redhat.com/articles/2022/04/18/announcement-red-hat-codeready-studio-reaches-end-life for more information.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat CodeReady Studio 12 | avro | Out of support scope | ||
| Red Hat Fuse 7 | avro | Not affected | ||
| Red Hat Integration Camel K 1 | avro | Not affected | ||
| Red Hat Integration Service Registry | avro | Not affected | ||
| Red Hat JBoss Data Grid 7 | avro | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | avro | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | avro | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | avro | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | avro | Not affected | ||
| Red Hat JBoss Fuse 6 | avro | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.
Allocation of Resources Without Limits or Throttling in Apache Avro
7.5 High
CVSS3