Skip to content

Latest commit

 

History

History
18 lines (16 loc) · 784 Bytes

CVE-2020-11973.md

File metadata and controls

18 lines (16 loc) · 784 Bytes
title date url draft type cve severity summary description mitigation credit affected fixed
Apache Camel Security Advisory - CVE-2020-11973
2020-05-14 14:47:42 +0200
/security/CVE-2020-11973.html
false
security-advisory
CVE-2020-11973
MEDIUM
Apache Camel Netty enables Java deserialization by default
Apache Camel Netty enables Java deserialization by default
2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0
This issue was discovered by Colm O. HEigeartaigh <coheigea at apache dot org> from Apache Software Foundation
2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0
2.25.1, 3.2.0

The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-14477 refers to the various commits that resovoled the issue, and have more details.