Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for parquet_java by apache
CVE-2025-30065 (GCVE-0-2025-30065)
Vulnerability from cvelistv5 – Published: 2025-04-01 07:53 – Updated: 2026-02-26 18:29
VLAI
Title
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
Summary
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code
Users are recommended to upgrade to version 1.15.1, which fixes the issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
8 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Parquet Java |
Affected:
0 , ≤ 1.15.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30065",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T03:55:16.818618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:29:05.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetExploitGenerator.java"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/java/com/evil/GenerateMaliciousParquetSSRF.java"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-07T02:18:14.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/01/1"
},
{
"url": "https://news.ycombinator.com/item?id=43603091"
},
{
"url": "https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-30065"
},
{
"url": "https://github.com/apache/parquet-java/pull/3169"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.apache.parquet:parquet-avro",
"product": "Apache Parquet Java",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.15.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Keyi Li (Amazon)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSchema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.15.1, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code\n\n\nUsers are recommended to upgrade to version 1.15.1, which fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Assuming the system using the library accepts files form the internet and runs in a privileged user."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T07:53:42.993Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-30065",
"datePublished": "2025-04-01T07:53:42.993Z",
"dateReserved": "2025-03-15T03:41:07.822Z",
"dateUpdated": "2026-02-26T18:29:05.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-41561 (GCVE-0-2021-41561)
Vulnerability from cvelistv5 – Published: 2021-12-20 11:20 – Updated: 2024-08-04 03:15
VLAI
Title
Apache Parquet-MR potential DoS in case of malicious Parquet file
Summary
Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/1bjlscbqtfzl160hr… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/12/20/1 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Parquet |
Affected:
1.9.0 , < Parquet-MR*
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr"
},
{
"name": "[oss-security] 20211220 CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Parquet",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "Parquet-MR*",
"status": "affected",
"version": "1.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Sergey Temnikov of the Amazon S3 team."
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T15:06:57.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr"
},
{
"name": "[oss-security] 20211220 CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/1"
}
],
"source": {
"defect": [
"PARQUET-2094"
],
"discovery": "UNKNOWN"
},
"title": "Apache Parquet-MR potential DoS in case of malicious Parquet file",
"workarounds": [
{
"lang": "en",
"value": "1.12.x users should upgrade to 1.12.2\n1.11.x users should upgrade to 1.11.2\nUsers of older release lines (\u003c= 1.10.x) should upgrade to 1.12.2 or 1.11.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-41561",
"STATE": "PUBLIC",
"TITLE": "Apache Parquet-MR potential DoS in case of malicious Parquet file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Parquet",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "Parquet-MR",
"version_value": "1.9.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Sergey Temnikov of the Amazon S3 team."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr"
},
{
"name": "[oss-security] 20211220 CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/1"
}
]
},
"source": {
"defect": [
"PARQUET-2094"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "1.12.x users should upgrade to 1.12.2\n1.11.x users should upgrade to 1.11.2\nUsers of older release lines (\u003c= 1.10.x) should upgrade to 1.12.2 or 1.11.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-41561",
"datePublished": "2021-12-20T11:20:11.000Z",
"dateReserved": "2021-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:15:29.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30065 (GCVE-0-2025-30065)
Vulnerability from nvd – Published: 2025-04-01 07:53 – Updated: 2026-02-26 18:29
VLAI
Title
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
Summary
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code
Users are recommended to upgrade to version 1.15.1, which fixes the issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
8 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Parquet Java |
Affected:
0 , ≤ 1.15.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30065",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T03:55:16.818618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:29:05.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetExploitGenerator.java"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/java/com/evil/GenerateMaliciousParquetSSRF.java"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-07T02:18:14.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/01/1"
},
{
"url": "https://news.ycombinator.com/item?id=43603091"
},
{
"url": "https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-30065"
},
{
"url": "https://github.com/apache/parquet-java/pull/3169"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.apache.parquet:parquet-avro",
"product": "Apache Parquet Java",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.15.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Keyi Li (Amazon)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eSchema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.15.1, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code\n\n\nUsers are recommended to upgrade to version 1.15.1, which fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Assuming the system using the library accepts files form the internet and runs in a privileged user."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T07:53:42.993Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-30065",
"datePublished": "2025-04-01T07:53:42.993Z",
"dateReserved": "2025-03-15T03:41:07.822Z",
"dateUpdated": "2026-02-26T18:29:05.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-41561 (GCVE-0-2021-41561)
Vulnerability from nvd – Published: 2021-12-20 11:20 – Updated: 2024-08-04 03:15
VLAI
Title
Apache Parquet-MR potential DoS in case of malicious Parquet file
Summary
Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/1bjlscbqtfzl160hr… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/12/20/1 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Parquet |
Affected:
1.9.0 , < Parquet-MR*
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr"
},
{
"name": "[oss-security] 20211220 CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Parquet",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "Parquet-MR*",
"status": "affected",
"version": "1.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Sergey Temnikov of the Amazon S3 team."
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T15:06:57.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr"
},
{
"name": "[oss-security] 20211220 CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/1"
}
],
"source": {
"defect": [
"PARQUET-2094"
],
"discovery": "UNKNOWN"
},
"title": "Apache Parquet-MR potential DoS in case of malicious Parquet file",
"workarounds": [
{
"lang": "en",
"value": "1.12.x users should upgrade to 1.12.2\n1.11.x users should upgrade to 1.11.2\nUsers of older release lines (\u003c= 1.10.x) should upgrade to 1.12.2 or 1.11.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-41561",
"STATE": "PUBLIC",
"TITLE": "Apache Parquet-MR potential DoS in case of malicious Parquet file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Parquet",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "Parquet-MR",
"version_value": "1.9.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Sergey Temnikov of the Amazon S3 team."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr"
},
{
"name": "[oss-security] 20211220 CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/1"
}
]
},
"source": {
"defect": [
"PARQUET-2094"
],
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "1.12.x users should upgrade to 1.12.2\n1.11.x users should upgrade to 1.11.2\nUsers of older release lines (\u003c= 1.10.x) should upgrade to 1.12.2 or 1.11.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-41561",
"datePublished": "2021-12-20T11:20:11.000Z",
"dateReserved": "2021-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:15:29.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}