You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@parquet.apache.org by Gábor Szádovszky <ga...@apache.org> on 2021/12/20 10:03:38 UTC

CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file

Description:

Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.

This issue is being tracked as PARQUET-2094

Mitigation:

1.12.x users should upgrade to 1.12.2
1.11.x users should upgrade to 1.11.2
Users of older release lines (<= 1.10.x) should upgrade to 1.12.2 or 1.11.2

Credit:

This issue was discovered by Sergey Temnikov of the Amazon S3 team.