8 matches found
GHSA-5WHJ-523X-6J68 Apache Camel camel-hessian component vulnerable to Java object deserialization
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object deserialization. Deserializing untrusted data can lead to security flaws...
org.apache.camel:camel-hessian-starter (=2.20.0) potentially affected by CVE-2017-12633 via org.apache.camel:camel-hessian (=2.20.0)
org.apache.camel:camel-hessian MAVEN version =2.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-hessian and may be impacted: - org.apache.camel:camel-hessian-starter =2.20.0 Source cves: CVE-2017-12633 Source advisory:...
org.apache.camel:camel-hessian-starter (>=2.18.0 <=2.19.3) potentially affected by CVE-2017-12633 via org.apache.camel:camel-hessian (>=2.18.0 <=2.19.3)
org.apache.camel:camel-hessian MAVEN version =2.18.0, =2.18.0, =2.19.3 Source cves: CVE-2017-12633 Source advisory: OSV:GHSA-5WHJ-523X-6J68...
Apache Camel camel-hessian component vulnerable to Java object deserialization
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object deserialization. Deserializing untrusted data can lead to security flaws...
Apache Camel camel-hessian component deserialization remote code execution vulnerability
Apache Camel is an open source integration framework from the Apache Software Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns, a...
Deserialization Of Untrusted Data
camel-hessian is vulnerable to deserialization of untrusted data. The vulnerability exists because the library does not check that the data to be deserialized is trusted, allowing an attacker to inject and execute arbitrary code through the untrusted data...
Design/Logic Flaw
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object deserialization. Deserializing untrusted data can lead to security flaws...
CVE-2017-12633
It was found that Apache Camel contains a security vulnerability in the camel-hessian component. An attacker can use this flaw to deserialize a malicious object on the target machine, which could lead to Remote Code Execution (RCE)...