VYPR
Get started
← All advisories
High severity8.1NVD Advisory· Published Apr 15, 2016· Updated May 6, 2026

CVE-2015-5348

CVE-2015-5348

Description

Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.camel:camel-jettyMaven
< 2.15.52.15.5
org.apache.camel:camel-jettyMaven
>= 2.16.0, < 2.16.12.16.1
org.apache.camel:camel-servletMaven
< 2.15.52.15.5
org.apache.camel:camel-servletMaven
>= 2.16.0, < 2.16.12.16.1
org.apache.camel:camel-httpMaven
< 2.15.52.15.5
org.apache.camel:camel-httpMaven
>= 2.16.0, < 2.16.12.16.1
org.apache.camel:camel-http-commonMaven
< 2.15.52.15.5
org.apache.camel:camel-http-commonMaven
>= 2.16.0, < 2.16.12.16.1
org.apache.camel:camel-http4Maven
< 2.15.52.15.5
org.apache.camel:camel-http4Maven
>= 2.16.0, < 2.16.12.16.1
org.apache.camel:camel-ahcMaven
< 2.15.52.15.5
org.apache.camel:camel-ahcMaven
>= 2.16.0, < 2.16.12.16.1

Affected products

58
  • Apache/Camel58 versions
    cpe:2.3:a:apache:camel:2.10.0:*:*:*:*:*:*:*+ 57 more
    • cpe:2.3:a:apache:camel:2.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.10.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.10.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.12.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.12.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.12.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.13.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.13.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.13.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.13.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.14.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.14.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.14.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.15.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.15.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.15.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.16.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.9.8:*:*:*:*:*:*:*

Patches

21
e7fd5f049c2f
https://github.com/apache/camelvia ghsa
commit
515c822148d5
https://github.com/apache/camelvia ghsa
commit
4f065fe07c1d
https://github.com/apache/camelvia ghsa
commit
13e43c1412ad
https://github.com/apache/camelvia ghsa
commit
c558f30a6d38
https://github.com/apache/camelvia ghsa
commit
9cbd5867fe73
https://github.com/apache/camelvia ghsa
commit
5ea0a6f6c6a5
https://github.com/apache/camelvia ghsa
commit
f7f0b18f6924
https://github.com/apache/camelvia ghsa
commit
d85385346929
https://github.com/apache/camelvia ghsa
commit
c47cffcadabc
https://github.com/apache/camelvia ghsa
commit
a68434c258cd
https://github.com/apache/camelvia ghsa
commit
94330f99acb6
https://github.com/apache/camelvia ghsa
commit
92081b203523
https://github.com/apache/camelvia ghsa
commit
7e28d0af471e
https://github.com/apache/camelvia ghsa
commit
735ee02c6939
https://github.com/apache/camelvia ghsa
commit
44e6a3036e5a
https://github.com/apache/camelvia ghsa
commit
349109b08347
https://github.com/apache/camelvia ghsa
commit
32eacdaff16f
https://github.com/apache/camelvia ghsa
commit
1b1ccbcd9486
https://github.com/apache/camelvia ghsa
commit
190d7c81b7e3
https://github.com/apache/camelvia ghsa
commit
0afcf721ff20
https://github.com/apache/camelvia ghsa
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

33

News mentions

0

No linked articles in our index yet.