Lucene search
K

4 matches found

NVD
NVD
added 7 hours ago5 views

CVE-2026-42527

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

Exploits0References2
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-41824

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

6.7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.11 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

9.8CVSS6.4AI score0.00881EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.3 views

camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution

A flaw was found in camel up to versions 2.25.1 and 3.x. Apache Camel RabbitMQ enables java deserialization, by default, without any means of disabling which can lead to arbitrary code being executed. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

9.8CVSS7.5AI score0.05514EPSS
Exploits0References4
Rows per page
Query Builder