Apache Avro
By the Year
In 2022 there have been 1 vulnerability in Apache Avro with an average score of 7.5 out of ten. Avro did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2022 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 1 | 7.50 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 9.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Avro vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Avro Security Vulnerabilities
A vulnerability in the .NET SDK of Apache Avro
CVE-2021-43045
7.5 - High
- January 06, 2022
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.
Allocation of Resources Without Limits or Throttling
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT
CVE-2019-17195
9.8 - Critical
- October 15, 2019
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Improper Handling of Exceptional Conditions
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Policy Automation or by Apache? Click the Watch button to subscribe.
