CVE-2020-11973

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11973
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11973.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-11973
Aliases
Published
2020-05-14T17:15:12Z
Modified
2024-06-06T12:58:27.580691Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

References

Affected packages

Git / github.com/apache/camel

Affected ranges

Affected versions

camel-3.*

camel-3.0.0
camel-3.1.0