First published: Wed Feb 03 2016
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Camel | <=2.15.4 | |
Apache Camel | =2.16.0 | |
maven/org.apache.camel:camel-xstream | =2.16.0 | 2.16.1 |
maven/org.apache.camel:camel-xstream | <2.15.5 | 2.15.5 |