| title | url | date | draft | type | cve | severity | summary | description | mitigation | credit | affected | fixed |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Apache Camel Security Advisory - CVE-2017-3159 |
/security/CVE-2017-3159.html |
2017-03-07 02:59:00 -0800 |
false |
security-advisory |
CVE-2017-3159 |
MEDIUM |
Apache Camel's Snakeyaml unmarshalling operation is vulnerable to Remote Code Execution attacks |
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. |
2.17.x users should upgrade to 2.17.5, 2.18.x users should upgrade to 2.18.2. |
This issue was discovered by Moritz Bechler from AgNO3 GmbH & Co. |
2.17.0 up to 2.17.4, 2.18.0 up to 2.18.1 |
2.17.5, 2.18.2 and newer |
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-10575 refers to the various commits that resovoled the issue, and have more details.