CVE-2017-3159

CVSS v3.0 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.92 % (83^th)

Affected Products 1

Advisories 1

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.

Weaknesses

CWE-502: Deserialization of Untrusted Data

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2017-03-07 15:59:00
(7 years ago)
Updated Date: 2023-11-07 02:44:04
(10 months ago)

Affected Products

Apache

Camel

Configuration #1

	CPE23	From	Up To
Apache Camel 2.14.4 and prior versions	cpe:2.3:a:apache:camel		<= 2.14.4
Apache Camel from 2.17.0 version and 2.17.4 and prior versions	cpe:2.3:a:apache:camel	>= 2.17.0	<= 2.17.4
Apache Camel from 2.18.0 version and 2.18.1 and prior versions	cpe:2.3:a:apache:camel	>= 2.18.0	<= 2.18.1