CVE-2020-11972

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11972

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11972.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11972

Aliases

GHSA-2x6r-7427-95cm

Published

2020-05-14T17:15:12Z

Modified

2024-09-03T03:11:35.547938Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

References

Affected packages

Git / github.com/apache/camel

Affected ranges

Type: GIT
Repo: https://github.com/apache/camel
Events: Introduced

ac11f88de7594232c3c28532a19377764665ce13

Last affected

9636f69dd42c5b01052875f960fb05d2edc4a8a9

Introduced

363777cc93ab6072cd12d2a231c2165cbc6c0524

Last affected

fa2a3c885e621014e1d54663b141b9f10b1299a4

Affected versions

camel-3.*

camel-3.0.0

camel-3.1.0