[
https://issues.apache.org/jira/browse/RANGER-5072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17905499#comment-17905499
]
Basapuram Kumar commented on RANGER-5072:
-----------------------------------------
PR opened - https://github.com/apache/ranger/pull/453
> Bump org.apache.avro:avro from 1.11.3 to 1.11.4
> -----------------------------------------------
>
> Key: RANGER-5072
> URL: https://issues.apache.org/jira/browse/RANGER-5072
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 2.5.0
> Reporter: Basapuram Kumar
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> [CVE-2024-47561|https://nvd.nist.gov/vuln/detail/cve-2024-47561]
> +Description of CVE+
> Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions
> allows bad actors to execute arbitrary code. Users are recommended to upgrade
> to version 1.11.4 or 1.12.0, which fix this issue.
>
> To address the
> [CVE-2024-47561|https://nvd.nist.gov/vuln/detail/cve-2024-47561] , suggesting
> to bump-up from 1.11.3 to 1.11.4
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
