3 matches found
com.github.camel-labs:camel-labs-iot-cloudlet-document-driver (=0.1.0), com.github.camel-labs:camel-labs-iot-cloudlet-geofencing (=0.1.0) +104 more potentially affected by CVE-2016-8749 via org.apache.camel:camel-jackson (>=2.10.0 <=2.16.4)
org.apache.camel:camel-jackson MAVEN version =2.10.0, =0.1, =0.0.9, =0.0.19, =0.0.8, =0.0.16, =0.0.17, =0.0.16, =1.5, =1.5, =1.5, =1.5, =1.9.3 - edu.amherst.acdc:acrepo-template-mustache =1.0.0 and more Source cves: CVE-2016-8749 Source advisory: OSV:GHSA-VVJC-Q5VR-52Q6...
GHSA-VVJC-Q5VR-52Q6 Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks
Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. Camel allows to specify such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various...
com.zerotoheroes:hs-draft-odds (>=1.0.0 <=1.0.2), com.zerotoheroes:hs-game-converter (>=1.0.0 <=1.0.12) +32 more potentially affected by CVE-2016-8749 via org.apache.camel:camel-jackson (>=2.17.0 <=2.17.4)
org.apache.camel:camel-jackson MAVEN version =2.17.0, =1.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.7, =1.1.0, =2.2.105, =2.2.105, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.3, =0.3.7 and more Source cves: CVE-2016-8749 Source advisory: OSV:GHSA-VVJC-Q5VR-52Q6...