Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel

Related Vulnerabilities: CVE-2020-11972  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Andrea Cosentino &lt;ancosen1985 () yahoo com&gt;

Date: Thu, 14 May 2020 14:26:30 +0000 (UTC)

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Let me add the credit too

Credit: This issue was discovered by Colm O. HEigeartaigh &lt;coheigea at apache dot org&gt; from Apache Software Foundation

--
Andrea Cosentino&nbsp;
----------------------------------
Apache Camel PMC Chair
Apache Karaf Committer
Apache Servicemix PMC Member
Email: ancosen1985 () yahoo com
Twitter: @oscerd2
Github: oscerd

On Thursday, May 14, 2020, 04:24:12 PM GMT+2, Andrea Cosentino &lt;ancosen1985 () yahoo com.invalid&gt; wrote: 

A new security advisory has been released for Apache Camel, that is fixed in
the recent 2.25.1 and 3.2.0 releases.

CVE-2020-11972: Apache Camel RabbitMQ enables Java deserialization by default

Severity: MEDIUM

Vendor: The Apache Software Foundation

Versions Affected: Camel 2.25.0, Camel 3.0.0 to 3.1.0. The unsupported Camel 2.x (2.24 and earlier) versions may be 
also affected.

Description: Apache Camel RabbitMQ enables Java deserialization by default

Mitigation: 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0 The JIRA tickets: 
https://issues.apache.org/jira/browse/CAMEL-14711 refers to the various commits that resovoled the issue, and have more 
details.

On behalf of the Apache Camel PMC

--
Andrea Cosentino&nbsp;
----------------------------------
Apache Camel PMC Chair
Apache Karaf Committer
Apache Servicemix PMC Member
Email: ancosen1985 () yahoo com
Twitter: @oscerd2
Github: oscerd

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

[SECURITY] New security advisory CVE-2020-11972 released for Apache Camel Andrea Cosentino (May 14)

Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel Andrea Cosentino (May 14)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started