VDB

RHSA-2024%3A8093

RHSA-2024%3A8093 PUBLISHED CVSS 8.800000190734863 HIGH

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Enterprise Application Platform 7

Timeline

  • Oct 14, 2024 CVE Published
  • Apr 30, 2026 CVE Updated
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›