CVE-2015-5348: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

October 16, 2018 (updated August 30, 2021)

Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

References

github.com/advisories/GHSA-26v6-w6fw-rh94
nvd.nist.gov/vuln/detail/CVE-2015-5348

Detect and mitigate CVE-2015-5348 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →