9 matches found
CVE-2026-43867
Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...
CVE-2026-43867 Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter
Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...
CVE-2026-46590 Apache Camel: Camel-PQC: The HashiCorp Vault and AWS Secrets Manager key-lifecycle managers deserialize persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter (incomplete remediation of CVE-2026-40048)
Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...
CVE-2026-46590
Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...
Camel-PQC Vulnerable to Deserialization of Untrusted Data
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
GHSA-V3VG-332R-MW99 Camel-PQC Vulnerable to Deserialization of Untrusted Data
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
CVE-2026-40048
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
CVE-2026-40048 Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...
PT-2026-35369
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...