Lucene search

K
cvelistApacheCVELIST:CVE-2020-11972
HistoryMay 14, 2020 - 4:26 p.m.

CVE-2020-11972

2020-05-1416:26:03
apache
www.cve.org
4

AI Score

9.5

Confidence

High

EPSS

0.008

Percentile

81.7%

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

CNA Affected

[
  {
    "product": "Apache Camel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
      }
    ]
  }
]

AI Score

9.5

Confidence

High

EPSS

0.008

Percentile

81.7%