First published: Thu Feb 09 2017(Updated: )
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. External References: <a href="http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc">http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc</a> Upstream bug: <a href="https://issues.apache.org/jira/browse/CAMEL-10575">https://issues.apache.org/jira/browse/CAMEL-10575</a>
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Camel | <=2.14.4 | |
Apache Camel | >=2.17.0<=2.17.4 | |
Apache Camel | >=2.18.0<=2.18.1 | |
maven/org.apache.camel:camel-snakeyaml | >=2.18.0<2.18.2 | 2.18.2 |
maven/org.apache.camel:camel-snakeyaml | <2.17.5 | 2.17.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.