GHSA-gv5f-cjw9-5vxg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gv5f-cjw9-5vxg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-gv5f-cjw9-5vxg/GHSA-gv5f-cjw9-5vxg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gv5f-cjw9-5vxg
- Aliases
-
- CVE-2015-5344
- Published
- 2018-10-16T23:10:23Z
- Modified
- 2024-12-06T05:38:50.020493Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
- Details
-
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:38:03Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-5344
- https://github.com/apache/camel/commit/157c0b4a3c8017de432f1c99f83e374e97dc4d36
- https://github.com/apache/camel/commit/369d0a6d605055cb843e7962b101e3bbcd113fec
- https://github.com/apache/camel/commit/4491c080cb6c8659fc05441e49307b7d4349aa56
- https://github.com/apache/camel/commit/4cdc6b177ee7391eedc9f0b695c05d56f84b0812
- https://github.com/apache/camel/commit/8386d8f7260143802553bc6dbae2880d6c0bafda
- https://github.com/apache/camel/commit/b7afb3769a38b8e526f8046414d4a71430d77df0
- https://github.com/apache/camel/commit/f07a33c467adb3d37aa8192698caadfee43a17dc
- https://github.com/advisories/GHSA-gv5f-cjw9-5vxg
- https://github.com/apache/camel
- https://issues.apache.org/jira/browse/CAMEL-9297
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
- http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc
- http://rhn.redhat.com/errata/RHSA-2016-2035.html
- http://www.securityfocus.com/archive/1/537414/100/0/threaded
- http://www.securityfocus.com/bid/82260
Affected packages
Maven / org.apache.camel:camel-xstream
Package
- Name
- org.apache.camel:camel-xstream
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-xstream
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.15.5
Affected versions
1.*
1.3.0
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
2.*
2.0-M1
2.0-M2
2.0-M3
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.9.0-RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.15.0
2.15.1
2.15.2
2.15.3
2.15.4
Maven / org.apache.camel:camel-xstream
Package
- Name
- org.apache.camel:camel-xstream
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-xstream