Critical severity9.8NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026
CVE-2017-12633
CVE-2017-12633
Description
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.camel:camel-hessianMaven | >= 2.0, < 2.19.4 | 2.19.4 |
org.apache.camel:camel-hessianMaven | >= 2.20.0, < 2.20.1 | 2.20.1 |
Affected products
2- Apache Software Foundation/Apache Camelv5Range: 2.19.0 to 2.19.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- camel.apache.org/security-advisories.data/CVE-2017-12633.txt.ascnvdIssue TrackingVendor AdvisoryWEB
- www.securityfocus.com/bid/101874nvdThird Party AdvisoryVDB EntryWEB
- access.redhat.com/errata/RHSA-2018:0319nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-5whj-523x-6j68ghsaADVISORY
- issues.apache.org/jira/browse/CAMEL-11923nvdIssue TrackingVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-12633ghsaADVISORY
- lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3Envd
- lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3Envd
News mentions
0No linked articles in our index yet.