{"id":"CVE-2020-11972","details":"Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.","aliases":["GHSA-2x6r-7427-95cm"],"modified":"2026-04-11T12:24:20.510817Z","published":"2020-05-14T17:15:12.117Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"8.0.0"},{"last_affected":"8.2.2"}],"cpe":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"13.3.0.0"}],"cpe":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"13.4.0.0"}],"cpe":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"12.0.0"}],"cpe":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"12.1.0"}],"cpe":"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/05/14/10"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/05/14/8"},{"type":"ADVISORY","url":"https://camel.apache.org/security/CVE-2020-11972.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/camel","events":[{"introduced":"363777cc93ab6072cd12d2a231c2165cbc6c0524"},{"last_affected":"fa2a3c885e621014e1d54663b141b9f10b1299a4"},{"introduced":"ac11f88de7594232c3c28532a19377764665ce13"},{"last_affected":"9636f69dd42c5b01052875f960fb05d2edc4a8a9"}],"database_specific":{"extracted_events":[{"introduced":"2.22.0"},{"last_affected":"2.25.0"},{"introduced":"3.0.0"},{"last_affected":"3.1.0"}],"cpe":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11972.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}