# Dapr 1.10.9 [security]This update contains security fixes: -[Security: Potential DoS in avro dependency (CVE-2023-37475)](#security-potential-dos-in-avro-dependency-cve-2023-37475)## Security: Potential DoS in avro dependency (CVE-2023-37475)### Problem[CVE-2023-37475](https://github.com/hamba/avro/security/advisories/GHSA-9x44-9pgq-cf45)An issue in the third-party avro dependency could cause a resource exhaustion and a DoS for Dapr.### ImpactThis issue impacts users of Dapr that use the Pulsar components.### Root causeThe issue was in a third-party dependency.### SolutionWe have upgraded the avro dependency to version 2.13.0 which contains a fix for the reported issue.