CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq

Description

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/05/14/10

http://www.openwall.com/lists/oss-security/2020/05/14/8

https://camel.apache.org/security/CVE-2020-11972.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2021-23358 Vulnerability in maven package org.webjars.bower:underscore

CVE-2023-28709 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2020-11021 Vulnerability in npm package @actions/http-client

CVE-2023-37964 Vulnerability in maven package org.jenkins-ci.plugins:elasticbox

CVE-2020-15095 Vulnerability in maven package org.webjars.bower:npm

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H