Upgrade org.apache.avro dependency version to address CVE-2024-47561
Closed this issue · 1 comments
Ermess94 commented
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fixes this issue.
Guideline: https://avd.aquasec.com/nvd/cve-2024-4756
rayokota commented
Avro upgraded to 1.11.4 here confluentinc/common#664