-
Notifications
You must be signed in to change notification settings - Fork 170
/
CVE-2020-11973.txt.asc
27 lines (19 loc) · 1.2 KB
/
CVE-2020-11973.txt.asc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2020-11973: Apache Camel Netty enables Java deserialization by default
Severity: MEDIUM
Vendor: The Apache Software Foundation
Versions Affected: Camel 2.25.0, Camel 3.0.0 to 3.1.0. The unsupported Camel 2.x (2.24 and earlier) versions may be also affected.
Description: Apache Camel Netty enables Java deserialization by default
Mitigation: 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0 The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-14447 refers to the various commits that resovoled the issue, and have more details.
Credit: This issue was discovered by Colm O. HEigeartaigh <coheigea at apache dot org> from Apache Software Foundation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJevUX3AAoJEONOnzgC/0EANycIAJD8FSGAr+HGQPBig7wvTR3D
NAOCQjjPrC3KiLrBTW82JBU/0n/tWYTx9hSa1DmafKa4Cu/yO3SWaKbH/V6pT5QC
NJZPn/bOIEyfNErRKIVuLmf9/I0Cwd2rb3CJVN3OhQv0xvE8PcyXQ0F/wDYVXlbR
Lu3HR5dWaNVUC9bs/DCrC2SKI9XKq17JhSYu+W6hHGWrYSIcMvgxV8wOK5gigjLf
Yih+gO378cI1kuq5anf2xAiRxGmDL41uuwQXC+lmrG61UM7ozZe+Tz8/QdBJc4hZ
sxD40oW1UXRqAnmcUkJEpEdSqa740XSWcVVgSOCCn78YAOHm96pcSN0S6JZf1f8=
=Ks1J
-----END PGP SIGNATURE-----