CVE-2017-12634

Summary

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Camel2.19.0 to 2.19.3affected
Apache Software FoundationApache Camel2.20.0affected
Apache Software FoundationApache CamelThe unsupported Camel 2.x (2.18 and earlier) versions may be also affected.affected

Weaknesses

  • Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks

ADP Enrichment

CVE Program Container

Additional References

References