GHSA-vf4q-8mr7-5c5c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vf4q-8mr7-5c5c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-vf4q-8mr7-5c5c/GHSA-vf4q-8mr7-5c5c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vf4q-8mr7-5c5c
- Aliases
- Published
- 2018-10-16T23:05:58Z
- Modified
- 2024-02-16T08:11:59.175995Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
- Details
-
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
- Database specific
{ "nvd_published_at": null, "severity": "CRITICAL", "github_reviewed_at": "2020-06-16T21:57:33Z", "github_reviewed": true, "cwe_ids": [ "CWE-502" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-12634
- https://github.com/apache/camel/commit/2ae645e90edff3bcc1b958cb53ddc5e60a7f49fd
- https://github.com/apache/camel/commit/573ebd3de810cc7e239f175e1d2d6993f1f2ad08
- https://github.com/apache/camel/commit/ad3c1ce9d8300c339cfa7d0f4a4dea691a947988
- https://github.com/apache/camel/commit/adc06a78f04c8d798709a5818104abe5a8ae4b38
- https://github.com/apache/camel/commit/bdff8f3f3583e4f14cdaf24f2037e0fbef252630
- https://github.com/apache/camel/commit/c613905e95a3dab87158d9526aea9439f2de9621
- https://access.redhat.com/errata/RHSA-2018:0319
- https://github.com/advisories/GHSA-vf4q-8mr7-5c5c
- https://github.com/apache/camel
- https://issues.apache.org/jira/browse/CAMEL-11929
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
- http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc
- http://www.securityfocus.com/bid/101876
Affected packages
Maven / org.apache.camel:camel-castor
Package
- Name
- org.apache.camel:camel-castor
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-castor
Affected versions
2.*
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.9.0-RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.15.0
2.15.1
2.15.2
2.15.3
2.15.4
2.15.5
2.15.6
2.16.0
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.18.0
2.18.1
2.18.2
2.18.3
2.18.4
2.18.5
2.19.0
2.19.1
2.19.2
2.19.3
Maven / org.apache.camel:camel-castor
Package
- Name
- org.apache.camel:camel-castor
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-castor