CVE-2020-11973
CRITICAL
Apache Camel < 2.25.0 - Insecure Deserialization
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
References (6)
Scores
CVSS v3
9.8
EPSS
0.0842
EPSS Percentile
92.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (7)
apache/camel
< 2.25.0
oracle/communications_diameter_signaling_router
< 8.5.0
oracle/enterprise_manager_base_platform
oracle/enterprise_manager_base_platform
oracle/flexcube_private_banking
oracle/flexcube_private_banking
org.apache.camel/camel-netty
< 3.2.0 (Maven)
Timeline
Published
May 14, 2020
Tracked Since
Feb 18, 2026