PT-2017-12613 · Apache · Apache Camel

Published

2017-11-15

Updated

2022-05-14

CVE-2017-12633

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Camel versions 2.0.0 through 2.19.3 Apache Camel versions 2.20.0 through 2.20.0

Description The camel-hessian component in Apache Camel is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

Recommendations For Apache Camel versions 2.0.0 through 2.19.3, update to version 2.19.4 or later. For Apache Camel versions 2.20.0 through 2.20.0, update to version 2.20.1 or later.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2017-12633

GHSA-5WHJ-523X-6J68

Affected Products

Apache Camel

PT-2017-12613 · Apache · Apache Camel

CVE-2017-12633

Weakness Enumeration

Related Identifiers

Affected Products

References · 11