CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq

Description

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/05/14/10

http://www.openwall.com/lists/oss-security/2020/05/14/8

https://camel.apache.org/security/CVE-2020-11972.html

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/security-alerts/cpuoct2020.html

Related Vulnerabilities

CVE-2020-2232 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2020-27665 Vulnerability in npm package strapi-plugin-content-type-builder

CVE-2020-14062 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2019-1010266 Vulnerability in maven package org.webjars:lodash

CVE-2019-13127 Vulnerability in maven package org.webjars.bowergithub.jgraph:mxgraph

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H