GHSA-h79p-32mx-fjj9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h79p-32mx-fjj9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-h79p-32mx-fjj9/GHSA-h79p-32mx-fjj9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h79p-32mx-fjj9
- Aliases
- Published
- 2020-05-21T21:09:04Z
- Modified
- 2023-11-08T04:02:07.992722Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Apache Camel Netty enables Java deserialization by default
- Details
-
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
- Database specific
{ "nvd_published_at": "2020-05-14T17:15:00Z", "github_reviewed_at": "2020-05-21T17:42:21Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-502" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-11973
- https://camel.apache.org/security/CVE-2020-11973.html
- https://github.com/apache/camel
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- http://www.openwall.com/lists/oss-security/2020/05/14/9
Affected packages
Maven / org.apache.camel:camel-netty
Package
- Name
- org.apache.camel:camel-netty
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-netty