CNNVD-202602-2269 Information

CNNVD ID

CNNVD-202602-2269

Related CVE

CVE-2025-33042

• CNNVD Published: 2026-02-13

Description (Chinese)

Apache Avro Java SDK是Apache基金会的一个数据处理工具包。 Apache Avro Java SDK 1.11.4及之前版本和1.12.0版本存在安全漏洞，该漏洞源于从不受信任的Avro模式生成特定记录时代码生成控制不当，可能导致代码注入。

Description (English)

Apache Avro Java SDK is a data-processing toolkit for the Apache Foundation. A security loophole exists in Apache Avro Java SDK 1.11.4 and previous and 1.12.0 versions, which stems from inadequate code generation controls when creating a particular record from untrustworthy Avro mode, which may result in code injection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-02-13

Last Modified

2026-02-24

References

https://lists.apache.org/thread/fy88wmgf1lj9479vrpt12cv8x73lroj1 http://www.openwall.com/lists/oss-security/2026/02/12/2 https://access.redhat.com/security/cve/cve-2025-33042

Patch

https://avro.apache.org/project/download/