GHSA-2x6r-7427-95cm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2x6r-7427-95cm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-2x6r-7427-95cm/GHSA-2x6r-7427-95cm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2x6r-7427-95cm
- Aliases
- Published
- 2021-05-21T19:20:47Z
- Modified
- 2023-11-08T04:02:07.929764Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Deserialization of Untrusted Data in Apache Camel RabbitMQ
- Details
-
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
- Database specific
{ "nvd_published_at": "2020-05-14T17:15:00Z", "github_reviewed_at": "2021-05-21T19:01:28Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-502" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-11972
- https://camel.apache.org/security/CVE-2020-11972.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- http://www.openwall.com/lists/oss-security/2020/05/14/10
- http://www.openwall.com/lists/oss-security/2020/05/14/8
Affected packages
Maven / org.apache.camel:camel-rabbitmq
Package
- Name
- org.apache.camel:camel-rabbitmq
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-rabbitmq
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.25.1
Affected versions
2.*
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.15.0
2.15.1
2.15.2
2.15.3
2.15.4
2.15.5
2.15.6
2.16.0
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.18.0
2.18.1
2.18.2
2.18.3
2.18.4
2.18.5
2.19.0
2.19.1
2.19.2
2.19.3
2.19.4
2.19.5
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.21.0
2.21.1
2.21.2
2.21.3
2.21.4
2.21.5
2.22.0
2.22.1
2.22.2
2.22.3
2.22.4
2.22.5
2.23.0
2.23.1
2.23.2
2.23.3
2.23.4
2.24.0
2.24.1
2.24.2
2.24.3
2.25.0
Maven / org.apache.camel:camel-rabbitmq
Package
- Name
- org.apache.camel:camel-rabbitmq
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-rabbitmq