Severity
High
Analysis Summary
Apache Camel could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Java application component in Netty. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
Execution of arbitrary code
Affected Vendors
Apache
Affected Products
- Apache Camel 2.22.0
- Apache Camel 2.23.0
- Apache Camel 2.24.0
- Apache Camel 2.25.0
- Apache Camel 3.0
- Apache Camel 3.1.0
Remediation
Upgrade to the latest version of Apache Camel (2.25.1, 3.2.0 or later).