CVE-2020-11973

Summary

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Affected Software

VendorProductVersion RangeStatus
n/aApache CamelApache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0affected

Weaknesses

  • Java deserialization

ADP Enrichment

CVE Program Container

Additional References

References