Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-12634

UNKNOWN
Published 2017-11-15T15:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-12634. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Camel

Affected Versions:

2.19.0 to 2.19.3 2.20.0 The unsupported Camel 2.x (2.18 and earlier) versions may be also affected.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation

GHSA-vf4q-8mr7-5c5c

Advisory Details

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

Affected Packages

Maven org.apache.camel:camel-castor
ECOSYSTEM: ≥2.0.0 <2.19.4
Maven org.apache.camel:camel-castor
ECOSYSTEM: ≥2.20.0 <2.20.1

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-12634
WEB https://github.com/apache/camel/commit/2ae645e90edff3bcc1b958cb53ddc5e60a7f49fd
WEB https://github.com/apache/camel/commit/573ebd3de810cc7e239f175e1d2d6993f1f2ad08
WEB https://github.com/apache/camel/commit/ad3c1ce9d8300c339cfa7d0f4a4dea691a947988
WEB https://github.com/apache/camel/commit/adc06a78f04c8d798709a5818104abe5a8ae4b38
WEB https://github.com/apache/camel/commit/bdff8f3f3583e4f14cdaf24f2037e0fbef252630
WEB https://github.com/apache/camel/commit/c613905e95a3dab87158d9526aea9439f2de9621
WEB https://access.redhat.com/errata/RHSA-2018:0319
ADVISORY https://github.com/advisories/GHSA-vf4q-8mr7-5c5c
PACKAGE https://github.com/apache/camel
WEB https://issues.apache.org/jira/browse/CAMEL-11929
WEB https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
WEB https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
WEB http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc
WEB http://www.securityfocus.com/bid/101876

Advisory provided by GitHub Security Advisory Database. Published: October 16, 2018, Modified: December 13, 2023

References

https://access.redhat.com/errata/RHSA-2018:0319
http://www.securityfocus.com/bid/101876
https://issues.apache.org/jira/browse/CAMEL-11929
http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
Published: 2017-11-15T15:00:00Z
Last Modified: 2024-09-16T18:43:28.109Z
Copied to clipboard!