GHSA-vf4q-8mr7-5c5c

Source
https://github.com/advisories/GHSA-vf4q-8mr7-5c5c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-vf4q-8mr7-5c5c/GHSA-vf4q-8mr7-5c5c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vf4q-8mr7-5c5c
Aliases
Published
2018-10-16T23:05:58Z
Modified
2024-02-16T08:11:59.175995Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
Details

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 contains a Java object de-serialisation vulnerability. De-serialising untrusted data can lead to security flaws.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:57:33Z"
}
References

Affected packages

Maven / org.apache.camel:camel-castor

Package

Name
org.apache.camel:camel-castor
Purl
pkg:maven/org.apache.camel/camel-castor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.19.4

Affected versions

2.*

2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.9.0-RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.15.0
2.15.1
2.15.2
2.15.3
2.15.4
2.15.5
2.15.6
2.16.0
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.18.0
2.18.1
2.18.2
2.18.3
2.18.4
2.18.5
2.19.0
2.19.1
2.19.2
2.19.3

Maven / org.apache.camel:camel-castor

Package

Name
org.apache.camel:camel-castor
Purl
pkg:maven/org.apache.camel/camel-castor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.20.0
Fixed
2.20.1

Affected versions

2.*

2.20.0