6 matches found
io.fabric8.funktion.connector:connector-rabbitmq (>=1.1.9 <=1.1.55), io.github.koustavtub:snsmockjava_2.12 (>=0.4.1 <=0.4.1.0) +4 more potentially affected by CVE-2020-11972 via org.apache.camel:camel-rabbitmq (>=2.15.2 <=2.25.0)
org.apache.camel:camel-rabbitmq MAVEN version =2.15.2, =1.1.9, =0.4.1, =2.18.0, =1.0.0, =2.4.8, =2.5.4 Source cves: CVE-2020-11972 Source advisory: OSV:GHSA-2X6R-7427-95CM...
GHSA-2X6R-7427-95CM Deserialization of Untrusted Data in Apache Camel RabbitMQ
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
CVE-2020-11972
A flaw was found in Camel up to versions 2.25.1 and 3.x. Apache Camel RabbitMQ enables Java deserialization by default, without any means of disabling it, which can lead to arbitrary code being executed. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
CVE-2020-11973
A flaw was found in Camel. Apache Camel RabbitMQ enables Java deserialization by default, without any means of disabling it, which can lead to arbitrary code being executed. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation...
Insecure Defaults
Apache Camel RabbitMQ uses an insecure default. Java deserialization is enabled by default and allows an attacker to execute arbitrary code via a deserialization vulnerability...
Apache Camel RabbitMQ Code Issue Vulnerability
Apache Camel is an open-source integration framework from the Apache Software Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns ...