56241 matches found
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JmsBinding.extractBodyFromJms function in camel-jms and it's equivalents in camel-sjms that does not apply any ObjectInputFilter. An attacker can execute arbitrary code by sending a crafted JMS...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JmsBinding.extractBodyFromJms function in camel-jms and it's equivalents in camel-sjms that does not apply any ObjectInputFilter. An attacker can execute arbitrary code by sending a crafted JMS...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JmsBinding.extractBodyFromJms function in camel-jms and it's equivalents in camel-sjms that does not apply any ObjectInputFilter. An attacker can execute arbitrary code by sending a crafted JMS...
CVE-2026-27172
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
CVE-2026-40858
CVE-2026-40858 – Apache Camel: Camel-Infinispan insecure deserialization The camel-infinispan component’s ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without ObjectInputFilter. An attacker who can write to t...
GHSA-JG2M-9X48-3GVJ Apache Camel has an incomplete fix for CVE-2025-27636
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
CLSA-2026-1777279578 java-11-openjdk: Fix of 6 CVEs
Upgrade to openjdk-11.0.30+7 GA. The following CVEs were fixed: - CVE-2026-21945: enhance certificate checking - CVE-2026-21932: enhance handling of URIs - CVE-2026-21933: improve HttpServer request handling - CVE-2026-21925: improve JMX connections - CVE-2025-64720: update libpng to 1.6.51 -...
CVE-2026-40860 Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp
JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...
Apache Camel 代码问题漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects in accordance with the EIP pattern, and routing and mediation rules are configured...
PT-2026-35393
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
PT-2026-35372
JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...
PT-2026-35370
Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.5 Apache Camel versions 4.15.0 through 4.18.1 Apache Camel versions 4.19.0 through 4.19.x Description Certain non-HTTP HeaderFilterStrategy implementations, specifically JmsHeaderFilterStrategy and...
Oracle Linux 8 / 9 : java-1.8.0-openjdk (ELSA-2026-9683)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-9683 advisory. 1:1.8.0.492.b09-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.492.b09-1 - Update to 8u492-b09 GA - Update release notes for 8u492-b09....
java-21-openjdk security update
1:21.0.11.0.10-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.11.0.10-1 - Update to jdk-21.0.11+10 GA - Update release notes to 21.0.11+10 - Update FIPS patch to feef2dc3ca7 version synced with 21.0.11+9 and adapted to JDK-8244336 - Bump freetype version to 2.14.2 following JDK-8373290...
java-1.8.0-openjdk security update
1:1.8.0.492.b09-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.492.b09-1 - Update to 8u492-b09 GA - Update release notes for 8u492-b09. - Add missing CVEs for 8u482. - Regenerate JDK-8199936/PR3533 patch following JDK-8374917 - Regenerate JDK-8186464/RH1433262 patch following...
OpenJDK 8 <= 8u482 / 11.0.0 <= 11.0.30 / 17.0.0 <= 17.0.18 / 21.0.0 <= 21.0.10 / 25.0.0 <= 25.0.2 / 26.0.0 <= 26.0.0 Multiple Vulnerabilities (2026-04-21)
The version of OpenJDK installed on the remote host is 8 prior to 8u482 / 11.0.0 prior to 11.0.30 / 17.0.0 prior to 17.0.18 / 21.0.0 prior to 21.0.10 / 25.0.0 prior to 25.0.2 / 26.0.0 prior to 26.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the 2026-04-21 advisory...
cc.allio.uno:uno-data-db (>=1.1.9 <=1.2.1), cc.allio.uno:uno-test (>=1.1.9 <=1.2.1) +193 more potentially affected by CVE-2026-7045 via com.baomidou:dynamic-datasource-spring-boot-common (>=4.0.0-B1 <=4.5.0)
com.baomidou:dynamic-datasource-spring-boot-common MAVEN version =4.0.0-B1, =1.1.9, =1.1.9, =2024.1.1.0, =2023.5.1.0, =2022.5.0.0, =2022.4.1.0, =1.0.0-JDK21, =1.0.0-JDK21, =4.0.0, =4.0.0, =4.5.0 - com.baomidou:dynamic-datasource-spring-boot4-starter =4.5.0 and more Source cves: CVE-2026-7045 Sour...
RHSA-2026:9689 Red Hat Security Advisory: java-21-openjdk security update
Bulletin has no description...