Hi Steve,

That would be this one: https://github.com/apache/parquet-java/pull/3169

Kind regards,
Fokko

On Fri, 4 Apr 2025 at 12:30, Steve Loughran <ste...@cloudera.com.invalid> wrote:

> Thanks.
> Is there a specific commit to cherrypick to fix this issue?
>
> On Tue, 1 Apr 2025 at 03:03, Gang Wu <gan...@apache.org> wrote:
>
> > Affected versions:
> >
> > - Apache Parquet Java through 1.15.0
> >
> > Description:
> >
> > Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and
> > previous versions allows bad actors to execute arbitrary code
> >
> >
> > Users are recommended to upgrade to version 1.15.1, which fixes the issue.
> >
> > Credit:
> >
> > Keyi Li (Amazon) (finder)
> >
> > References:
> >
> > https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5
> > https://parquet.apache.org/
> > https://www.cve.org/CVERecord?id=CVE-2025-30065