CVE-2020-11972
PUBLISHED
Reported by apache · Published May 14, 2020
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Apache Camel | Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 |
| n/a | Apache Camel | *, * |
| Maven | org.apache.camel:camel-rabbitmq | 2.22.0, 2.22.0 |
Timeline
- May 14, 2020 CVE Published
- May 20, 2020 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- [oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel (mailing list)
- [oss-security] 20200514 Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel (mailing list)
- https://nvd.nist.gov/vuln/detail/CVE-2020-11972 advisory