Description
Apache Camel's RabbitMQ component enables Java deserialization by default. Affected versions are Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, and 3.0.0 up to 3.1.0.
Remediation
Users of the 2.x line should upgrade to Apache Camel 2.25.1; users of the 3.x line should upgrade to Apache Camel 3.2.0.
References
https://camel.apache.org/security/CVE-2020-11972.html
http://www.openwall.com/lists/oss-security/2020/05/14/8
http://www.openwall.com/lists/oss-security/2020/05/14/10
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
Related Vulnerabilities
CVE-2022-24847 Vulnerability in maven package org.geoserver.web:gs-web-sec-jdbc
CVE-2020-10721 Vulnerability in maven package io.fabric8:fabric8-maven-plugin-core
CVE-2022-45690 Vulnerability in maven package cn.hutool:hutool-json
CVE-2022-31183 Vulnerability in maven package co.fs2:fs2-io_sjs1_2.13
CVE-2019-10360 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release