CVE-2016-8749

Severity
9.8 CRITICAL
EPSS
12.2%
top 6.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 28
Latest update: Oct 16

Description

Apache Camel's Jackson and JacksonXML unmarshalling operations are vulnerable to Remote Code Execution attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

Maven: org.apache.camel:camel-jackson, 2.17.0, 2.17.5 (+2)
NVD: apache/camel, 12 versions (+11)

🔴 Vulnerability Details (3)

GHSA
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks (2018-10-16)
OSV
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks (2018-10-16)
CVEList
CVE-2016-8749: Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks (2017-03-28)

📋 Vendor Advisories (2)

Red Hat
camel-jacksonxml: Unmarshalling operation are vulnerable to RCE (2016-12-07)
Apache
Apache camel: CVE-2016-8749

💬 Community (2)

Bugzilla
CVE-2016-8749 camel-jackson, camel-jacksonxml: Unmarshalling operation are vulnerable to RCE (2017-02-09)
Bugzilla
CVE-2015-8749 openstack-nova: Xen connection password leak in logs via StorageError (2016-01-08)