Real-world Example

A data analytics dashboard accepts Parquet files via API to visualize uploaded datasets. Backend uses Apache Spark with ParquetReader.

Upon deserialization, the exploit triggers a reverse shell to the attacker's server.

Real-world Example

A machine learning platform allows scientists to upload datasets in formats like CSV, JSON, Parquet.

• Attacker logs in
• Uploads malicious.parquet via web form
• Vulnerable Parquet Java library (≤ 1.15.0) processes the file
• Remote Code Execution (RCE) triggers a shell

Seen in tools like Databricks, MLFlow, or internal ingestion pipelines.

Real-world Example

Organization uses Apache NiFi / Airflow pipelines to auto-load files from cloud storage (e.g., S3, Azure Blob).

• Attacker uploads malicious.parquet to s3://org-analytics-upload/
• Scheduled job picks up and processes the file
• Parsed in Apache Spark/Hive → Gadget chain triggers
• Reverse shell connects to attacker

Trusted internal/partner uploads = perfect attack vector.