Advisories for Maven/Org.apache.camel/Camel-Jacksonxml package

2017

Remote Code Execution attacks

This package is vulnerable to a Java object de-serialization vulnerability. Camel allows the type used for unmarshalling to be specified through the CamelJacksonUnmarshalType property. De-serializing untrusted data can lead to security flaws, as demonstrated in various similar reports about Java de-serialization issues.