24 matches found
camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
org.apache.camel/camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data
A flaw was found in the camel-infinispan component of Apache Camel. A remote attacker, with the ability to write to the Infinispan cache, can inject a specially crafted serialized Java object. When this object is deserialized during normal aggregation repository operations, it can lead to arbitra...
org.apache.camel/camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data
A flaw was found in the camel-infinispan component of Apache Camel. A remote attacker, with the ability to write to the Infinispan cache, can inject a specially crafted serialized Java object. When this object is deserialized during normal aggregation repository operations, it can lead to arbitra...
camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
CVE-2026-40858
A flaw was found in the camel-infinispan component of Apache Camel. A remote attacker, with the ability to write to the Infinispan cache, can inject a specially crafted serialized Java object. When this object is deserialized during normal aggregation repository operations, it can lead to arbitra...
org.apache.camel.kafkaconnector:camel-infinispan-sink-kafka-connector (>=4.0.0 <=4.14.5), org.apache.camel.kafkaconnector:camel-infinispan-source-kafka-connector (>=4.0.0 <=4.14.5) +8 more potentially affected by CVE-2026-40858 via org.apache.camel:camel-infinispan (>=4.0.0 <=4.14.6)
org.apache.camel:camel-infinispan MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.10.3, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =3.2.0, =4.10.0, =4.0.0, =4.14.6 Source cves: CVE-2026-40858 Source advisory: OSV:GHSA-4XWX-HVV7-7PRJ...
GHSA-4XWX-HVV7-7PRJ Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...
org.apache.camel.kafkaconnector:camel-infinispan-sink-kafka-connector (>=4.0.0 <=4.14.5), org.apache.camel.kafkaconnector:camel-infinispan-source-kafka-connector (>=4.0.0 <=4.14.5) +8 more potentially affected by CVE-2026-40858 +1 more via org.apache.camel:camel-infinispan (>=4.0.0-M1 <=4.14.6)
org.apache.camel:camel-infinispan MAVEN version =4.0.0-M1, =4.0.0, =4.0.0, =4.10.3, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =4.10.0, =4.0.0, =4.14.6 Source cves: CVE-2026-40858, CVE-2026-6857 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321656...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the DefaultExchangeHolderUtils.deserialize function in the ProtoStream-based remote aggregation repository. An attacker can achieve arbitrary code execution by injecting a crafted serialized Java object...
CVE-2026-40858 Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...
CVE-2026-40858 Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...
CVE-2026-40858
CVE-2026-40858 – Apache Camel: Camel-Infinispan insecure deserialization The camel-infinispan component’s ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without ObjectInputFilter. An attacker who can write to t...
Apache Camel Code Issue Vulnerability
Apache Camel is an open-source integration framework based on Enterprise Integration Patterns (EIP), developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...
io.fabric8.funktion.connector:connector-infinispan (>=1.1.9 <=1.1.55), io.quarkus:quarkus-camel-infinispan (>=0.11.0 <=0.19.1) +18 more potentially affected by CVE-2026-6857 via org.apache.camel:camel-infinispan (>=2.18.0 <=4.1.0)
org.apache.camel:camel-infinispan MAVEN version =2.18.0, =1.1.9, =0.11.0, =0.13.0, =0.11.0, =0.1.0, =1.0.0, =1.0.0, =4.10.3, =0.0.2, =3.32.0, =3.32.0, =0.0.2, =0.0.2, =3.0.0-M1, =3.0.0-M1, =3.33.1 and more...
camel-infinispan Vulnerable to Deserialization of Untrusted Data
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
EUVD-2026-24738
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
GHSA-XFXP-PPX7-CQRP camel-infinispan Vulnerable to Deserialization of Untrusted Data
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
CVE-2026-6857
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
CVE-2026-6857 Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
CVE-2026-6857 Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...