CVE-2020-11972

CRITICAL9.8EPSS 6.9%

Deserialization of Untrusted Data in Apache Camel RabbitMQ

發布日:2021/5/21修改日:2023/11/8

描述

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

受影響套件(1)

Maven/org.apache.camel:camel-rabbitmqfrom 0, < 2.25.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-11972
WEBhttps://camel.apache.org/security/CVE-2020-11972.html
WEBhttps://www.oracle.com/security-alerts/cpujan2021.html
WEBhttps://www.oracle.com/security-alerts/cpuoct2020.html
WEBhttp://www.openwall.com/lists/oss-security/2020/05/14/10
WEBhttp://www.openwall.com/lists/oss-security/2020/05/14/8