VYPR
Critical severity9.8NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026

CVE-2017-12634

CVE-2017-12634

Description

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.camel:camel-castorMaven
>= 2.0.0, < 2.19.42.19.4
org.apache.camel:camel-castorMaven
>= 2.20.0, < 2.20.12.20.1

Affected products

4
  • Apache/Camel3 versions
    cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*range: >=2.0.0,<2.19.4
    • cpe:2.3:a:apache:camel:2.20.0:*:*:*:*:*:*:*
    • (no CPE)range: 2.19.0 to 2.19.3
  • ghsa-coords
    Range: >= 2.0.0, < 2.19.4

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.