GHSA-V3VG-332R-MW99 Camel-PQC Vulnerable to Deserialization of Untrusted Data
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...