Description
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.15.1, which fixes the issue.
A flaw was found in the parquet-avro module of Apache Parquet. This vulnerability allows attackers to execute arbitrary code via schema parsing.
Report
Camel Spring Boot product is not affected by this vulnerability since the listed components are not supported.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat build of Apache Camel for Spring Boot 4 | camel-parquet-avro | Not affected | | |
Red Hat build of Apache Camel for Spring Boot 4 | parquet-avro | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 10 Critical
Related vulnerabilities
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue.
Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution
Vulnerability in the parquet-avro module of the Apache Parquet Java columnar storage format for data processing, allowing an attacker to execute arbitrary code