| title | url | date | draft | type | cve | severity | summary | description | mitigation | credit | affected | fixed |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Apache Camel Security Advisory - CVE-2017-12634 |
/security/CVE-2017-12634.html |
2017-11-15 02:29:00 -0800 |
false |
security-advisory |
CVE-2017-12634 |
MEDIUM |
Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks |
Apache Camel's camel-castor component is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. |
2.19.x users should upgrade to 2.19.4, 2.20.0 users should upgrade to 2.20.1. |
This issue was discovered by Man Yue Mo <mmo at semmle dot com> from Semmle/lgtm.com. |
2.19.0 up to 2.19.3, 2.20.0 |
2.19.4, 2.20.1 and newer |
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-11929 refers to the various commits that resovoled the issue, and have more details.