Published: 03/02/2016 Updated: 24/05/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The camel-xstream component in Apache Camel prior to 2.15.5 and 2.16.x prior to 2.16.1 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

Vulnerable Product

apache camel 2.16.0

apache camel

Vendor Advisories

It was found that Apache Camel's camel-xstream component was vulnerable to Java object deserialization. This vulnerability permits deserialization of data which could lead to information disclosure, code execution, or other possible attacks ...

Github Repositories

Compiled dataset of Java deserialization CVEs

Java-Deserialization-CVEs

This is a dataset of CVEs related to Java Deserialization. Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries. If you notice any discrepancies, contributions are very welcome!

CVE ID Year CVSS 3/31 risk CV