| title | date | url | draft | type | cve | severity | summary | description | mitigation | credit | affected | fixed |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Apache Camel Security Advisory - CVE-2020-11973 |
2020-05-14 14:47:42 +0200 |
/security/CVE-2020-11973.html |
false |
security-advisory |
CVE-2020-11973 |
MEDIUM |
Apache Camel Netty enables Java deserialization by default |
Apache Camel Netty enables Java deserialization by default |
2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0 |
This issue was discovered by Colm O. HEigeartaigh <coheigea at apache dot org> from Apache Software Foundation |
2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 |
2.25.1, 3.2.0 |
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-14477 refers to the various commits that resovoled the issue, and have more details.