CVE-2021-41561: 
Java vulnerability analysis and mitigation

An Improper Input Validation vulnerability (CVE-2021-41561) was discovered in Apache Parquet-MR that allows attackers to perform a Denial of Service (DoS) attack using malicious Parquet files. The vulnerability affects Apache Parquet-MR version 1.9.0 and later versions. The issue was discovered by Sergey Temnikov of the Amazon S3 team and is being tracked as PARQUET-2094 (Apache Advisory, OSS Security).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The weakness is categorized as CWE-20 (Improper Input Validation), indicating that the software fails to validate input properly before using it (NVD).

When exploited, this vulnerability can lead to a Denial of Service condition, potentially making the affected Parquet-MR service unavailable. The CVSS scoring indicates high impact on availability while confidentiality and integrity remain unaffected (NVD).

Users are advised to upgrade their Apache Parquet-MR installations to patched versions: 1.12.x users should upgrade to 1.12.2, 1.11.x users should upgrade to 1.11.2, and users of older release lines (≤ 1.10.x) should upgrade to either 1.12.2 or 1.11.2 (OSS Security).