Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.camel/camel-mina@3.14.2

Type maven

Namespace org.apache.camel

Name camel-mina

Version 3.14.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.14.6

Latest_non_vulnerable_version 4.20.0

Affected_by_vulnerabilities

url VCID-pcva-4pt6-2ye4

vulnerability_id VCID-pcva-4pt6-2ye4

summary

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (for example via getBody(ObjectInput.class) or @Body ObjectInput), an attacker sending a crafted serialized Java object over the network to the MINA consumer port can trigger arbitrary code execution in the context of the application during readObject().

This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0.

Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40473.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40473.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40473

reference_id

reference_type

scores

value	0.00059
scoring_system	epss
scoring_elements	0.18609
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40473

reference_url

https://github.com/apache/camel

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/camel

reference_url

https://github.com/apache/camel/commit/8e7f6335d2b4b096df26f8221723405ceaee275a

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/camel/commit/8e7f6335d2b4b096df26f8221723405ceaee275a

reference_url

https://github.com/apache/camel/commit/b605816d11c253d22989abc290c198be83e3f817

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/camel/commit/b605816d11c253d22989abc290c198be83e3f817

reference_url

https://github.com/apache/camel/commit/c35b0a3720f8c80025b06112d5d9c2932426d7f0

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/camel/commit/c35b0a3720f8c80025b06112d5d9c2932426d7f0

reference_url

https://github.com/apache/camel/pull/22583

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/camel/pull/22583

reference_url

https://github.com/apache/camel/pull/22584

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/camel/pull/22584

reference_url

https://github.com/apache/camel/pull/22585

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/camel/pull/22585

reference_url

https://issues.apache.org/jira/browse/CAMEL-23319

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/CAMEL-23319

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40473

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40473

reference_url

http://www.openwall.com/lists/oss-security/2026/04/26/8

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/26/8

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2463180
reference_id	2463180
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2463180

reference_url

https://camel.apache.org/security/CVE-2026-40473.html

reference_id

CVE-2026-40473.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-27T14:12:43Z/

url

https://camel.apache.org/security/CVE-2026-40473.html

reference_url

https://github.com/advisories/GHSA-vpr3-2659-rw55

reference_id

GHSA-vpr3-2659-rw55

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vpr3-2659-rw55

fixed_packages

url	pkg:maven/org.apache.camel/camel-mina@4.14.6
purl	pkg:maven/org.apache.camel/camel-mina@4.14.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-mina@4.14.6

url	pkg:maven/org.apache.camel/camel-mina@4.18.2
purl	pkg:maven/org.apache.camel/camel-mina@4.18.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-mina@4.18.2

url	pkg:maven/org.apache.camel/camel-mina@4.20.0
purl	pkg:maven/org.apache.camel/camel-mina@4.20.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-mina@4.20.0

aliases CVE-2026-40473, GHSA-vpr3-2659-rw55

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pcva-4pt6-2ye4

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-mina@3.14.2

Package Instance