CVE-2017-3159 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-3159 PUBLISHED

Reported by apache · Published March 7, 2017

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.

Affected Products

Vendor	Product	Versions
Apache Software Foundation	Apache Camel	2.17.0 to 2.17.4, 2.18.0 to 2.18.1, The unsupported Camel 2.x (2.14 and earlier) versions may be also affected.
Maven	org.apache.camel:camel-snakeyaml	0, 0
Apache Software Foundation	Apache Camel	2.17.0 to 2.17.4, 2.18.0 to 2.18.1, The unsupported Camel 2.x (2.14 and earlier) versions may be also affected.

Timeline

Mar 7, 2017 CVE Published
May 24, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score

References

RHSA-2017:0868 vendor-advisoryx_refsource_REDHAT
x_refsource_MISC
96321 vdb-entryx_refsource_BID
[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers mailing-listx_refsource_MLIST
x_refsource_CONFIRM
[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html mailing-listx_refsource_MLIST
[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2017-3159 advisory

Open in Interactive Console →