Apache Camel Netty enables Java deserialization by default

2020-05-2121:09:04

Google

osv.dev

EPSS

0.014

Percentile

86.3%

JSON

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

References

www.openwall.com/lists/oss-security/2020/05/14/9

camel.apache.org/security/CVE-2020-11973.html

github.com/apache/camel

nvd.nist.gov/vuln/detail/CVE-2020-11973

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpuoct2020.html

EPSS

0.014

Percentile

86.3%

JSON

Related for OSV:GHSA-H79P-32MX-FJJ9