{"id":"CVE-2020-11973","details":"Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.","aliases":["GHSA-h79p-32mx-fjj9"],"modified":"2026-04-11T12:24:20.088061Z","published":"2020-05-14T17:15:12.193Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"8.0.0"},{"last_affected":"8.5.0"}]},{"cpe":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"13.3.0.0"}]},{"cpe":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"13.4.0.0"}]},{"cpe":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"12.0.0"}]},{"cpe":"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"12.1.0"}]}]},"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/05/14/9"},{"type":"ADVISORY","url":"https://camel.apache.org/security/CVE-2020-11973.html"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/camel","events":[{"introduced":"363777cc93ab6072cd12d2a231c2165cbc6c0524"},{"last_affected":"fa2a3c885e621014e1d54663b141b9f10b1299a4"},{"introduced":"ac11f88de7594232c3c28532a19377764665ce13"},{"last_affected":"9636f69dd42c5b01052875f960fb05d2edc4a8a9"}],"database_specific":{"cpe":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"2.22.0"},{"last_affected":"2.25.0"},{"introduced":"3.0.0"},{"last_affected":"3.1.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11973.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}