File tree 1 file changed +18
-4
lines changed
1 file changed +18
-4
lines changed Original file line number Diff line number Diff line change @@ -12,7 +12,23 @@ To report a possible security vulnerability, please email [
[email protected] .
1212
1313<hr class =" my-5 " >
1414
15- ### [ CVE-2019 -12408] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12408 ) : Uninitialized Memory in C++ ArrayBuilder
15+ ### [ CVE-2023 -47248] ( https://www.cve.org/CVERecord?id=CVE-2023-47248 ) : Arbitrary code execution when loading a malicious data file in PyArrow
16+
17+ ** Severity** : Critical
18+
19+ ** Vendor** : The Apache Software Foundation
20+
21+ ** Versions affected** : 0.14.0 to 14.0.0
22+
23+ ** Description** : Deserialization of untrusted data in IPC and Parquet readers
24+ in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution.
25+ An application is vulnerable if it reads Arrow IPC, Feather or Parquet data
26+ from untrusted sources (for example user-supplied input files).
27+
28+ ** Mitigation** : Upgrade to version 14.0.1 or greater. If not possible, use the
29+ provided [ hotfix package] ( https://pypi.org/project/pyarrow-hotfix/ ) .
30+
31+ ### [ CVE-2019 -12408] ( https://www.cve.org/CVERecord?id=CVE-2019-12408 ) : Uninitialized Memory in C++ ArrayBuilder
1632
1733** Severity** : High
1834
@@ -24,9 +40,7 @@ To report a possible security vulnerability, please email [
[email protected] .
2440
2541** Mitigation** : Upgrade to version 0.15.1 or greater.
2642
27- <hr class =" my-5 " >
28-
29- ### [ CVE-2019 -12410] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12410 ) : Uninitialized Memory in C++ Reading from Parquet
43+ ### [ CVE-2019 -12410] ( https://www.cve.org/CVERecord?id=CVE-2019-12410 ) : Uninitialized Memory in C++ Reading from Parquet
3044
3145** Severity** : High
3246
You can’t perform that action at this time.
0 commit comments