What is the severity of CVE-2017-3159?

CVE-2017-3159 has a moderate severity level due to the potential for exploitation through Java object de-serialization.

How do I fix CVE-2017-3159?

To remediate CVE-2017-3159, upgrade the camel-snakeyaml component to version 2.18.2 or apply the patch available for version 2.17.5.

What is the impact of CVE-2017-3159?

The impact of CVE-2017-3159 includes the risk of remote code execution if untrusted data is de-serialized.

Which versions of Apache Camel are affected by CVE-2017-3159?

Apache Camel versions prior to 2.18.2, including 2.14.4, 2.17.0 to 2.17.4, and 2.18.0 to 2.18.1 are affected by CVE-2017-3159.

Is there a workaround for CVE-2017-3159?

No specific workarounds are recommended for CVE-2017-3159; upgrading to the fixed version is the best approach.

Vulnerability/
CVE-2017-3159

critical

9.8

CWE

502

9/2/2017

7/3/2017

16/10/2018

5/8/2024

CVE-2017-3159

First published: Thu Feb 09 2017(Updated: )

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. External References: <a href="http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc">http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc</a> Upstream bug: <a href="https://issues.apache.org/jira/browse/CAMEL-10575">https://issues.apache.org/jira/browse/CAMEL-10575</a>

Credit: security@apache.org

Affected Software	Affected Version	How to fix
maven/org.apache.camel:camel-snakeyaml	>=2.18.0<2.18.2	2.18.2
maven/org.apache.camel:camel-snakeyaml	<2.17.5	2.17.5
redhat/camel-snakeyaml	<2.17.5	2.17.5
Red Hat Build of Apache Camel	<=2.14.4
Red Hat Build of Apache Camel	>=2.17.0<=2.17.4
Red Hat Build of Apache Camel	>=2.18.0<=2.18.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-3159?
CVE-2017-3159 has a moderate severity level due to the potential for exploitation through Java object de-serialization.
How do I fix CVE-2017-3159?
To remediate CVE-2017-3159, upgrade the camel-snakeyaml component to version 2.18.2 or apply the patch available for version 2.17.5.
What is the impact of CVE-2017-3159?
The impact of CVE-2017-3159 includes the risk of remote code execution if untrusted data is de-serialized.
Which versions of Apache Camel are affected by CVE-2017-3159?
Apache Camel versions prior to 2.18.2, including 2.14.4, 2.17.0 to 2.17.4, and 2.18.0 to 2.18.1 are affected by CVE-2017-3159.
Is there a workaround for CVE-2017-3159?
No specific workarounds are recommended for CVE-2017-3159; upgrading to the fixed version is the best approach.

collector/github-advisory-latest
alias/GHSA-hvpr-9cr6-q5v7
alias/CVE-2017-3159
collector/github-advisory
agent/type
agent/first-publish-date
agent/softwarecombine
agent/weakness
agent/severity
agent/references
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
agent/software-canonical-lookup-request
collector/nvd-index
agent/author
package-manager/maven
package-manager/redhat
vendor/apache
canonical/red hat build of apache camel
version/red hat build of apache camel/2.14.4
version/red hat build of apache camel/2.17.0
version/red hat build of apache camel/2.17.4
version/red hat build of apache camel/2.18.0
version/red hat build of apache camel/2.18.1