ghsa-2x6r-7427-95cm
Vulnerability from github
Published
2021-05-21 19:20
Modified
2021-05-21 19:01
Severity
Summary
Deserialization of Untrusted Data in Apache Camel RabbitMQ
Details
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.camel:camel-rabbitmq" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.25.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.camel:camel-rabbitmq" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.2.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-11972" ], "database_specific": { "cwe_ids": [ "CWE-502" ], "github_reviewed": true, "github_reviewed_at": "2021-05-21T19:01:28Z", "nvd_published_at": "2020-05-14T17:15:00Z", "severity": "HIGH" }, "details": "Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.", "id": "GHSA-2x6r-7427-95cm", "modified": "2021-05-21T19:01:28Z", "published": "2021-05-21T19:20:47Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11972" }, { "type": "WEB", "url": "https://camel.apache.org/security/CVE-2020-11972.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2020/05/14/10" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2020/05/14/8" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Deserialization of Untrusted Data in Apache Camel RabbitMQ" }
Loading...