PT-2020-5465 · Apache · Apache Camel

Published: 2020-05-14 · Updated: 2021-05-21 · CVE-2020-11972

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Apache Camel versions 2.22.x through 2.25.0
Apache Camel versions 3.0.0 through 3.1.0

Description

The vulnerability stems from deserialization of untrusted data, which a remote attacker can exploit to cause a denial of service or execute arbitrary code. It exists because Java deserialization is enabled by default in the Apache Camel RabbitMQ component.

Recommendations

For Apache Camel version 2.x, upgrade to version 2.25.1. For Apache Camel version 3.x, upgrade to version 3.2.0.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2021-00721
CVE-2020-11972
GHSA-2X6R-7427-95CM

Affected Products

Apache Camel