Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Camel
APPApache2.22.0 – 2.25.03.0.0 – 3.1.0Oracle Communications Diameter Signaling Router
APPOracle8.0.0 – 8.5.0Oracle Enterprise Manager Base Platform
APPOracle13.3.0.013.4.0.0Oracle Flexcube Private Banking
APPOracle12.0.012.1.0
Related vulnerabilities
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invoc...
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbit...
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...