VDB
CVE-2017-3159
CVE-2017-3159
PUBLISHED
Reported by apache · Published March 7, 2017
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Camel | 2.17.0 to 2.17.4, 2.18.0 to 2.18.1, The unsupported Camel 2.x (2.14 and earlier) versions may be also affected. |
| Maven | org.apache.camel:camel-snakeyaml | 0, 0 |
| Apache Software Foundation | Apache Camel | *, 2.18.0 to 2.18.1, 2.18.0 to 2.18.1 |
Timeline
- Mar 7, 2017 CVE Published
- May 24, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- RHSA-2017:0868 vendor-advisoryx_refsource_REDHAT
- x_refsource_MISC
- 96321 vdb-entryx_refsource_BID
- [oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers mailing-listx_refsource_MLIST
- x_refsource_CONFIRM
- [camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- https://nvd.nist.gov/vuln/detail/CVE-2017-3159 advisory