Logstash affected by CVE-2024-47561 in Apache Avro (ESA-2024-38)
On October 3, 2024, CVE-2024-47561 was published for Apache Avro: parsing a malicious Avro schema with the Avro Java library can lead to execution of arbitrary code.
The issue only affects users of the Kafka integration plugin, and only when a malicious schema is loaded through the schema registry. Additionally, both the Kafka input and output plugins are vulnerable if a user has created custom Serializer/Deserializer classes that take an Avro schema.
Affected Versions:
Logstash <= 8.15.2
Solutions and Mitigations:
Users should upgrade to Logstash version 8.15.3, where the bundled logstash-integration-kafka plugin has been updated to version 11.5.2 and carries a patched Apache Avro.
For Users that Cannot Upgrade:
Users can manually upgrade the logstash-integration-kafka plugin to 11.5.2
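The following script is an added example, not part of the Elastic advisory or the Logstash project: it reads the output of bin/logstash-plugin list --verbose, extracts the installed logstash-integration-kafka version, and reports whether it is at or above the fixed version 11.5.2. The LOGSTASH_HOME variable and the sample listing it falls back to are assumptions; the sample text is constructed to match the "plugin (version)" format the plugin manager prints.

```shell
#!/bin/sh
# Added example (not Elastic's code): check whether the installed
# logstash-integration-kafka plugin is at or above the fixed release 11.5.2.

FIXED_VERSION="11.5.2"

# version_ge A B: exit 0 when dotted version A >= B, comparing each numeric
# component (major, minor, patch); missing components count as 0.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".");
    len = (n > m) ? n : m;
    for (i = 1; i <= len; i++) {
      xi = (i <= n) ? x[i] + 0 : 0;
      yi = (i <= m) ? y[i] + 0 : 0;
      if (xi > yi) exit 0;
      if (xi < yi) exit 1;
    }
    exit 0
  }'
}

# kafka_plugin_version: read a plugin listing on stdin and print the version
# from the line "logstash-integration-kafka (X.Y.Z)"; prints nothing if absent.
kafka_plugin_version() {
  sed -n 's/^logstash-integration-kafka (\([0-9][0-9.]*\)).*/\1/p'
}

# kafka_plugin_fixed LISTING: exit 0 if the listing shows a fixed plugin,
# 1 if it needs upgrading, 2 if the plugin is not installed at all.
kafka_plugin_fixed() {
  v=$(printf '%s\n' "$1" | kafka_plugin_version)
  [ -n "$v" ] || return 2
  version_ge "$v" "$FIXED_VERSION"
}

# Obtain the listing: from the real install when LOGSTASH_HOME is set
# (assumed variable), otherwise from a constructed sample listing.
if [ -n "$LOGSTASH_HOME" ] && [ -x "$LOGSTASH_HOME/bin/logstash-plugin" ]; then
  listing=$("$LOGSTASH_HOME/bin/logstash-plugin" list --verbose logstash-integration-kafka)
else
  listing='logstash-integration-kafka (11.4.1)
 ├── logstash-input-kafka
 └── logstash-output-kafka'
fi

kafka_plugin_fixed "$listing"
case $? in
  0) echo "logstash-integration-kafka is at or above $FIXED_VERSION: not affected by CVE-2024-47561 via the plugin" ;;
  1) echo "logstash-integration-kafka is older than $FIXED_VERSION: upgrade with"
     echo "  bin/logstash-plugin update logstash-integration-kafka" ;;
  2) echo "logstash-integration-kafka is not installed" ;;
esac
```

Run it with LOGSTASH_HOME pointing at the Logstash install to check a live node; bin/logstash-plugin update logstash-integration-kafka pulls the latest plugin release, and bin/logstash-plugin install --version 11.5.2 logstash-integration-kafka pins the fixed version explicitly. Note that a plugin check only covers the schema-registry path; custom Serializer/Deserializer classes that parse Avro schemas must be rebuilt against a patched Avro separately.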
Severity: CVSSv3.1: 7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2024-47561