2 matches found
CVE-2026-40858 Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...
PT-2026-34329
Name of the Vulnerable Software and Affected Versions camel-infinispan affected versions not specified Description Unsafe deserialization exists in the ProtoStream remote aggregation repository. A remote attacker with low privileges can send specially crafted data to achieve arbitrary code...