CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq

Description

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Remediation

References

https://camel.apache.org/security/CVE-2020-11972.html

http://www.openwall.com/lists/oss-security/2020/05/14/8

http://www.openwall.com/lists/oss-security/2020/05/14/10

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.oracle.com/security-alerts/cpujan2021.html

Related Vulnerabilities

CVE-2013-4322 Vulnerability in maven package org.apache.tomcat:coyote

CVE-2023-37582 Vulnerability in maven package org.apache.rocketmq:rocketmq-namesrv

CVE-2022-25881 Vulnerability in npm package http-cache-semantics

CVE-2020-2295 Vulnerability in maven package org.jkva.maven-plugins:cascading-release-maven-plugin

CVE-2010-5312 Vulnerability in maven package org.webjars:jquery-ui

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H