CVE-2017-3159

Description

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization. De-serializing untrusted data can lead to security flaws.

How to fix CVE-2017-3159

To remediate CVE-2017-3159, upgrade the affected package to a fixed version below.

• Maven/org.apache.camel:camel-snakeyaml—upgrade to 2.17.5 or later

Is CVE-2017-3159 being exploited?

Low — EPSS is 2.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.17.5

CVSS scores

References (18)

• ADVISORYgithub.com/advisories/GHSA-hvpr-9cr6-q5v7
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-3159
• PATCHgithub.com/apache/camel
• WEBcamel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc?version=1&modificationDate=1486565167000&api=v2