CVE-2017-12634 – camel-castor: Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks
https://notcve.org/view.php?id=CVE-2017-12634
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is affected by a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. It was found that Apache Camel contains a security vulnerability via the camel-castor component.

• http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc
• http://www.securityfocus.com/bid/101876
• https://access.redhat.com/errata/RHSA-2018:0319
• https://issues.apache.org/jira/browse/CAMEL-11929
• https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
• https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
• https://access.redhat.com/security/cve/CVE-2017-12634
• https:/

• CWE-502: Deserialization of Untrusted Data