CVE-2017-12634

Опубликовано: 15 нояб. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

Ссылки

http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/101876
Issue Tracking
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0319
Third Party Advisory
https://issues.apache.org/jira/browse/CAMEL-11929
Issue Tracking
Vendor Advisory
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/101876
Issue Tracking
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0319
Third Party Advisory
https://issues.apache.org/jira/browse/CAMEL-11929
Issue Tracking
Vendor Advisory
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.19.4 (исключая)

cpe:2.3:a:apache:camel:2.20.0:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04565

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

CVE-2017-12634

CVSS3: 7.5

redhat

около 8 лет назад

GHSA-vf4q-8mr7-5c5c