Description
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation. De-serializing untrusted data can lead to security flaws.
It was found that Apache Camel contains a security vulnerability in the camel-castor component. An attacker can use this flaw to deserialize a malicious object on the target machine, which could lead to Remote Code Execution (RCE).
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | camel-castor | Affected | | |
| Red Hat JBoss Fuse Service Works 6 | camel-castor | Out of support scope | | |
| Red Hat JBoss A-MQ 6.3 | | Fixed | RHSA-2018:0319 | 14.02.2018 |
| Red Hat JBoss Fuse 6.3 | | Fixed | RHSA-2018:0319 | 14.02.2018 |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation. De-serializing untrusted data can lead to security flaws.
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
EPSS
CVSS3: 7.5 High