GHSA-h79p-32mx-fjj9

Suggest an improvement
Source
https://github.com/advisories/GHSA-h79p-32mx-fjj9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-h79p-32mx-fjj9/GHSA-h79p-32mx-fjj9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h79p-32mx-fjj9
Aliases
Published
2020-05-21T21:09:04Z
Modified
2023-11-08T04:02:07.992722Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Apache Camel Netty enables Java deserialization by default
Details

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

References

Affected packages

Maven / org.apache.camel:camel-netty

Package

Name
org.apache.camel:camel-netty
View open source insights on deps.dev
Purl
pkg:maven/org.apache.camel/camel-netty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.2.0

Affected versions

3.*

3.0.0
3.0.1
3.1.0