Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Apache Subscribe
Filtered by product Camel

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11973 2 Apache, Oracle 4 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 1 more 2021-07-20 7.5 HIGH 9.8 CRITICAL
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11972 2 Apache, Oracle 4 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 1 more 2021-03-15 7.5 HIGH 9.8 CRITICAL
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2017-12633 1 Apache 1 Camel 2019-05-24 7.5 HIGH 9.8 CRITICAL
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2017-12634 1 Apache 1 Camel 2019-05-24 7.5 HIGH 9.8 CRITICAL
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2015-5344 1 Apache 1 Camel 2019-05-24 7.5 HIGH 9.8 CRITICAL
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
CVE-2018-8027 1 Apache 1 Camel 2019-05-24 7.5 HIGH 9.8 CRITICAL
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
CVE-2017-3159 1 Apache 1 Camel 2019-05-24 7.5 HIGH 9.8 CRITICAL
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2016-8749 1 Apache 1 Camel 2019-05-24 7.5 HIGH 9.8 CRITICAL
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.