VDB
CVE-2020-11973
CVE-2020-11973
PUBLISHED
Reported by apache · Published May 14, 2020
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Apache Camel | Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 |
| n/a | Apache Camel | Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0, Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 |
| Maven | org.apache.camel:camel-netty | 2.22.0, 2.22.0 |
Timeline
- May 14, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 21, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- [oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11973 released for Apache Camel mailing-listx_refsource_MLIST
- x_refsource_MISC
- x_refsource_MISC
- x_refsource_MISC
- x_refsource_MISC
- x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-11973 advisory