CVE-2020-11973

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Configurations

Configuration 1

OR cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:59

| Type | Values Removed | Values Added |
|---|---|---|
| References | http://www.openwall.com/lists/oss-security/2020/05/14/9 - Mailing List, Third Party Advisory | http://www.openwall.com/lists/oss-security/2020/05/14/9 - Mailing List, Third Party Advisory |
| References | https://camel.apache.org/security/CVE-2020-11973.html - Vendor Advisory | https://camel.apache.org/security/CVE-2020-11973.html - Vendor Advisory |
| References | https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory | https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory |
| References | https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory |
| References | https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory |
| References | https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory |

Information

Published : 2020-05-14 17:15

Updated : 2024-11-21 04:59


NVD link : CVE-2020-11973

Mitre link : CVE-2020-11973

CVE.ORG link : CVE-2020-11973

Products Affected

oracle

  • flexcube_private_banking
  • communications_diameter_signaling_router
  • enterprise_manager_base_platform

apache

  • camel

CWE
CWE-502

Deserialization of Untrusted Data