VDB
CVE-2017-12633
CVE-2017-12633
PUBLISHED
CVSS 7.5 HIGH
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
EPSS 3.41% · 87.7th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
3.41%
87.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apache | camel | 2.0.0, 2.20.0 |
| Apache Software Foundation | Apache Camel | 2.20.0, 2.19.0 to 2.19.3, The unsupported Camel 2.x (2.18 and earlier) versions may be also affected. |
| Maven | org.apache.camel:camel-hessian | 2.20.0, 2.0, 2.20.0 |
Exploit Intelligence
- 101874 (circl)
- RHSA-2018:0319 (circl)
- https://issues.apache.org/jira/browse/CAMEL-11923 (circl)
- http://camel.apache.org/security-advisories.data/CVE-2017-12633.txt.asc (circl)
- [camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html (circl)
- [camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html (circl)
Timeline
- Nov 15, 2017 CVE Published
- May 24, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- 101874 vdb
- RHSA-2018:0319 vendor-advisory
- https://issues.apache.org/jira/browse/CAMEL-11923 url
- http://camel.apache.org/security-advisories.data/CVE-2017-12633.txt.asc url
- [camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html mailing-list
- [camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2017-12633 advisory
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E url
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E url