exploitDog

CVE-2017-3159

Published: 08 Dec 2016
Source: redhat
CVSS3: 8.1
EPSS: Low

Description

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization. De-serializing untrusted data can lead to security flaws.

It was found that the camel-snakeyaml component is exploitable for code execution. An attacker could use this vulnerability to send a specially crafted payload to a camel-snakeyaml endpoint and cause remote code execution.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat JBoss Fuse 6 | camel-snakeyaml | Affected | | |
| Red Hat JBoss A-MQ 6.3 | | Fixed | RHSA-2017:0868 | 03.04.2017 |
| Red Hat JBoss Fuse 6.3 | | Fixed | RHSA-2017:0868 | 03.04.2017 |

Additional information

Status: Moderate
Defect: CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=1420834 camel-snakeyaml: Unmarshalling operation is vulnerable to RCE

EPSS

Percentile: 86%
0.02766
Low

CVSS3: 8.1 High

Related vulnerabilities

CVSS3: 9.8
nvd
almost 9 years ago

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization. De-serializing untrusted data can lead to security flaws.

CVSS3: 9.8
github
more than 7 years ago

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
