7 matches found
org.apache.camel:camel-castor-starter (=2.20.0) potentially affected by CVE-2017-12634 via org.apache.camel:camel-castor (=2.20.0)
org.apache.camel:camel-castor MAVEN version =2.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-castor and may be impacted: - org.apache.camel:camel-castor-starter =2.20.0 Source cves: CVE-2017-12634 Source advisory:...
GHSA-VF4Q-8MR7-5C5C Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation. De-serializing untrusted data can lead to security flaws...
org.apache.camel:camel-castor-starter (>=2.18.0 <=2.19.3) potentially affected by CVE-2017-12634 via org.apache.camel:camel-castor (>=2.18.0 <=2.19.3)
org.apache.camel:camel-castor MAVEN version =2.18.0, =2.18.0, =2.19.3 Source cves: CVE-2017-12634 Source advisory: OSV:GHSA-VF4Q-8MR7-5C5C...
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation. De-serializing untrusted data can lead to security flaws...
Apache Camel camel-castor component deserialization remote code execution vulnerability
Apache Camel is an open-source integration framework from the Apache Software Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns, a...
Deserialisation Of Untrusted Object
camel-castor is vulnerable to deserialization of untrusted data. The vulnerability exists because the component does not filter the data to be deserialized by default, allowing an attacker to pass untrusted data that can cause arbitrary code execution...
Design/Logic Flaw
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation. De-serializing untrusted data can lead to security flaws...