  1. Hadoop Common
  2. HADOOP-18950

upgrade avro to 1.11.3 due to CVE


Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • common

    Description

      https://nvd.nist.gov/vuln/detail/CVE-2023-39410

      When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
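      One way to check a build for the affected range is to scan `mvn dependency:tree` output for `org.apache.avro:avro` entries older than 1.11.3. This is an added example, not code from the issue or from the Hadoop project; the sample tree is constructed, the function names are hypothetical, and matching only the `avro` artifact is an assumption.

```python
import re

FIXED = (1, 11, 3)  # first fixed Avro release named in the issue description

# Constructed sample of `mvn dependency:tree` output (not from the Hadoop build).
SAMPLE_TREE = """\
[INFO] org.example:demo-app:jar:0.1.0
[INFO] +- org.example:lib-a:jar:1.0.0:compile
[INFO] |  \\- org.apache.avro:avro:jar:1.7.7:compile
[INFO] +- org.apache.avro:avro:jar:1.11.2:compile
[INFO] +- org.apache.avro:avro:jar:tests:1.11.3:test
[INFO] \\- org.apache.avro:avro-tools:jar:1.12.0:compile
"""


def version_tuple(version):
    """Leading numeric components of a version, e.g. '1.11.2' -> (1, 11, 2)."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def avro_versions(tree_text):
    """Yield the version of every org.apache.avro:avro entry in the tree."""
    for coord in re.findall(r"org\.apache\.avro:\S+", tree_text):
        fields = coord.split(":")
        if len(fields) < 4 or fields[1] != "avro":
            continue
        # group:artifact:type:version[:scope], or with a classifier
        # group:artifact:type:classifier:version:scope (six fields).
        yield fields[4] if len(fields) == 6 else fields[3]


def find_affected(tree_text):
    """Return Avro versions below the fixed release (qualifiers are ignored)."""
    affected = []
    for version in avro_versions(tree_text):
        parsed = version_tuple(version)
        if parsed is not None and parsed < FIXED:
            affected.append(version)
    return affected


if __name__ == "__main__":
    for v in find_affected(SAMPLE_TREE):
        print(f"org.apache.avro:avro {v} is older than 1.11.3; upgrade needed")
```

      Transitive entries are reported as well as direct ones, since an old Avro pulled in by another dependency is still on the classpath.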

            People

              Assignee: Unassigned
              Reporter: Xuze Yang