The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

Affected Packages

Maven org.apache.camel:camel-hessian

Affected versions: 2.0 (fixed in 2.19.4)

Maven org.apache.camel:camel-hessian

Affected versions: 2.20.0 (fixed in 2.20.1)

Related CVEs

CVE-2017-12633

Key Information

GHSA ID

GHSA-5whj-523x-6j68

Published

May 14, 2022 1:00 AM

Last Modified

November 22, 2022 7:38 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.camel:camel-hessian

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.