apache arrow is vulnerable to information disclosure. The data read from Apache Parquet files with RLE null encoded data is uninitialized, potentially allowing data in memory to be unintentionally shared over the wire.
www.openwall.com/lists/oss-security/2019/11/08/1
github.com/apache/arrow/pull/5392
lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E
lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E