[ENTESB-7397] CVE-2017-12633 camel-hessian: Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks - Red Hat Issue Tracker

Type: Task
Resolution: Done
Priority: Minor
Fix Version/s: fuse-6.x-GA
Affects Version/s: jboss-fuse-6.3
Component/s: Camel
Labels:
None

Fuse Progress Bar:

% %

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Apache Camel's camel-hessian component is vulnerable to Java object
de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

Versions Affected: Camel 2.19.0 to 2.19.3 and Camel 2.20.0
The unsupported Camel 2.x (2.18 and earlier) versions may be also affected.
https://bugzilla.redhat.com/show_bug.cgi?id=1513382

links to

CAMEL-11923

Assignee:: Andrea Cosentino

Reporter:: Andrea Cosentino

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/10/25 9:13 AM

Updated:: 2018/02/14 2:30 PM

Resolved:: 2017/10/30 4:56 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide