7 matches found
Deserialization Of Untrusted Data
Apache Camel is vulnerable to Unsafe Deserialization. The vulnerability is due to deserialization of untrusted data in ConsulRegistryUtils.deserialize using ObjectInputStream.readObject without applying an ObjectInputFilter, allowing attackers with write access to the Consul KV store to inject...
GHSA-5RC6-9QFP-8VWG Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ConsulRegistryUtils.deserialize method which fails to without apply an ObjectInputFilter. An attacker can execute arbitrary code by injecting a malicious serialized Java object into the Consul K...
CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
Apache Camel 代码问题漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...
PT-2026-35393
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...