PT-2020-4637 · Apache · Apache Camel
Published
2020-05-14
·
Updated
2022-10-05
·
CVE-2020-11973
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache Camel versions 2.22.x through 2.25.0
Apache Camel versions 3.0.0 through 3.1.0
Description
The issue is related to Java deserialization being enabled by default in Apache Camel Netty. This can allow a remote attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a denial of service by exploiting the vulnerability associated with the restoration of untrusted data structures in memory.
Recommendations
For Apache Camel 2.x versions, upgrade to 2.25.1.
For Apache Camel 3.x versions, upgrade to 3.2.0.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Camel