[MAVEN:GHSA-5WHJ-523X-6J68] Apache Camel camel-hessian component vulnerable to Java object deserialization

Severity Critical
Affected Packages 2
Fixed Packages 2
CVEs 1

The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object deserialization. Deserializing untrusted data can lead to security flaws.

ID: MAVEN:GHSA-5WHJ-523X-6J68
Severity: critical
URL: https://github.com/advisories/GHSA-5whj-523x-6j68
Published: 2022-05-14T01:00:38 (2 years ago)
Modified: 2023-02-02T05:02:51 (19 months ago)
Rights: Maven Security Team

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.camel/camel-hessian | org.apache.camel | camel-hessian | = 2.20.0 | | | |
| Fixed | pkg:maven/org.apache.camel/camel-hessian | org.apache.camel | camel-hessian | = 2.20.1 | | | |
| Affected | pkg:maven/org.apache.camel/camel-hessian | org.apache.camel | camel-hessian | >= 2.0 < 2.19.4 | | | |
| Fixed | pkg:maven/org.apache.camel/camel-hessian | org.apache.camel | camel-hessian | = 2.19.4 | | | |