{"containers":{"cna":{"affected":[{"product":"Apache Camel","vendor":"n/a","versions":[{"status":"affected","version":"Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"}]}],"descriptions":[{"lang":"en","value":"Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."}],"problemTypes":[{"descriptions":[{"description":"Java deserialization","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-07-20T22:54:04.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"name":"[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11973 released for Apache Camel","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2020/05/14/9"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"tags":["x_refsource_MISC"],"url":"https://camel.apache.org/security/CVE-2020-11973.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2020-11973","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Camel","version":{"version_data":[{"version_value":"Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Java deserialization"}]}]},"references":{"reference_data":[{"name":"[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11973 released for Apache Camel","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2020/05/14/9"},{"name":"https://www.oracle.com/security-alerts/cpuoct2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"name":"https://camel.apache.org/security/CVE-2020-11973.html","refsource":"MISC","url":"https://camel.apache.org/security/CVE-2020-11973.html"},{"name":"https://www.oracle.com/security-alerts/cpujan2021.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"name":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"MISC","url":"https://www.oracle.com//security-alerts/cpujul2021.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T11:48:56.989Z"},"title":"CVE Program Container","references":[{"name":"[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11973 released for Apache Camel","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2020/05/14/9"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://camel.apache.org/security/CVE-2020-11973.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2020-11973","datePublished":"2020-05-14T16:22:23.000Z","dateReserved":"2020-04-21T00:00:00.000Z","dateUpdated":"2024-08-04T11:48:56.989Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}