4 matches found
ai.wanaku:core-runtime-camel (>=0.0.4 <=0.0.9), ai.wanaku:core-services (>=0.0.2 <=0.0.3) +1617 more potentially affected by CVE-2026-40860 via org.apache.camel:camel-componentdsl (>=3.10.0 <=4.14.6)
org.apache.camel:camel-componentdsl MAVEN version =3.10.0, =0.0.4, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.7 and more Source cves: CVE-2026-40860 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321539...
org.apache.camel.kafkaconnector:camel-sjms-batch-kafka-connector (>=0.1.0 <=0.11.0), org.apache.camel.kafkaconnector:camel-sjms-kafka-connector (>=0.1.0 <=0.11.5) +21 more potentially affected by CVE-2026-40860 via org.apache.camel:camel-sjms (>=3.0.0-M1 <=4.14.6)
org.apache.camel:camel-sjms MAVEN version =3.0.0-M1, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =4.10.3, =1.0.0, =2.2.0, =1.0.0-M1, =2.2.0, =2.2.0, =2.2.0, =2.2.0, =3.19.0, =1.0.0, =3.2...
ca.islandora.alpaca:islandora-alpaca-app (>=2.0.0 <=2.2.0), ca.islandora.alpaca:islandora-connector-derivative (>=2.0.0 <=2.2.0) +82 more potentially affected by CVE-2026-40860 via org.apache.camel:camel-jms (>=3.0.0-M1 <=4.14.6)
org.apache.camel:camel-jms MAVEN version =3.0.0-M1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =3.0.0, =0.46, =0.3, =0.5, =0.1, =0.1, =1.0, =4.3.7.hyte-4307a, =4.3.7.hyte-4307a, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2026-40860 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321536...
CVE-2026-40860
JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...