3 matches found
Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request...
net.osgiliath.framework:net.osgiliath.feature.camel (>=0.2.0 <=0.2.3), net.osgiliath.framework:net.osgiliath.feature.full (>=0.2.0 <=0.2.3) +74 more potentially affected by CVE-2015-5344 via org.apache.camel:camel-xstream (>=2.10.1 <=2.15.3)
org.apache.camel:camel-xstream MAVEN version =2.10.1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.3 and more Source cves: CVE-201...
camel-xstream: Java object de-serialization vulnerability leads to RCE
It was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks...