{"url":"http://public2.vulnerablecode.io/api/packages/180372?format=json","purl":"pkg:maven/org.apache.camel/camel-jackson@2.15.4","type":"maven","namespace":"org.apache.camel","name":"camel-jackson","version":"2.15.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.16.5","latest_non_vulnerable_version":"2.18.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38499?format=json","vulnerability_id":"VCID-25xs-qmuf-zua2","summary":"Remote Code Execution attacks\nThis package is vulnerable to Java object de-serialization vulnerability. Camel allows to specify such a type through the `CamelJacksonUnmarshalType` property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.","references":[{"reference_url":"http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc","reference_id":"CVE-2016-8749.TXT.ASC","reference_type":"","scores":[],"url":"http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc"},{"reference_url":"http://www.cvedetails.com/cve/CVE-2016-9571/","reference_id":"CVE-2016-9571","reference_type":"","scores":[],"url":"http://www.cvedetails.com/cve/CVE-2016-9571/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53340?format=json","purl":"pkg:maven/org.apache.camel/camel-jackson@2.16.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-jackson@2.16.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53341?format=json","purl":"pkg:maven/org.apache.camel/camel-jackson@2.17.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-jackson@2.17.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53342?format=json","purl":"pkg:maven/org.apache.camel/camel-jackson@2.18.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-jackson@2.18.2"}],"aliases":["CVE-2016-9571"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25xs-qmuf-zua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38528?format=json","vulnerability_id":"VCID-qkw3-29b4-b3hq","summary":"Deserialization of Untrusted Data\nApache Camel's Jackson and JacksonXML unmarshalling operation is vulnerable to Remote Code Execution attacks.","references":[{"reference_url":"http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2&modificationDate=1486565034000&api=v2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2&modificationDate=1486565034000&api=v2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1832","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1832"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8749.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8749","reference_id":"","reference_type":"","scores":[{"value":"0.12248","scoring_system":"epss","scoring_elements":"0.93982","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12248","scoring_system":"epss","scoring_elements":"0.93996","published_at":"2026-06-09T12:55:00Z"},{"value":"0.12248","scoring_system":"epss","scoring_elements":"0.93991","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12248","scoring_system":"epss","scoring_elements":"0.93989","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12248","scoring_system":"epss","scoring_elements":"0.9399","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8749"},{"reference_url":"https://github.com/advisories/GHSA-vvjc-q5vr-52q6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvjc-q5vr-52q6"},{"reference_url":"https://github.com/apache/camel","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel"},{"reference_url":"https://github.com/apache/camel/commit/02270ab9c90ac0d59b85dbd59fb9c1007eb44a1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/02270ab9c90ac0d59b85dbd59fb9c1007eb44a1"},{"reference_url":"https://github.com/apache/camel/commit/10f552643d7e4565104d142bbc160db5a30f9f7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/10f552643d7e4565104d142bbc160db5a30f9f7"},{"reference_url":"https://github.com/apache/camel/commit/10f552643d7e4565104d142bbc160db5a30f9f7e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/10f552643d7e4565104d142bbc160db5a30f9f7e"},{"reference_url":"https://github.com/apache/camel/commit/235036d2396ae45b6809b72a1983dee33b5ba32","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/235036d2396ae45b6809b72a1983dee33b5ba32"},{"reference_url":"https://github.com/apache/camel/commit/235036d2396ae45b6809b72a1983dee33b5ba326","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/235036d2396ae45b6809b72a1983dee33b5ba326"},{"reference_url":"https://github.com/apache/camel/commit/2b0e96117d6f01eba0c18e2ff8df6a438e81972","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/2b0e96117d6f01eba0c18e2ff8df6a438e81972"},{"reference_url":"https://github.com/apache/camel/commit/2b0e96117d6f01eba0c18e2ff8df6a438e819721","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/2b0e96117d6f01eba0c18e2ff8df6a438e819721"},{"reference_url":"https://github.com/apache/camel/commit/57d01e2fc8923263df896e9810329ee5b7f9b69","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/57d01e2fc8923263df896e9810329ee5b7f9b69"},{"reference_url":"https://github.com/apache/camel/commit/57d01e2fc8923263df896e9810329ee5b7f9b69e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/57d01e2fc8923263df896e9810329ee5b7f9b69e"},{"reference_url":"https://github.com/apache/camel/commit/5ae9c0dcc4843347cd01ffb58ce5dd0687755a1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/5ae9c0dcc4843347cd01ffb58ce5dd0687755a1"},{"reference_url":"https://github.com/apache/camel/commit/5ae9c0dcc4843347cd01ffb58ce5dd0687755a14","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/5ae9c0dcc4843347cd01ffb58ce5dd0687755a14"},{"reference_url":"https://github.com/apache/camel/commit/7567488f844f01d72840f7ab6ca18114a11f20d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/7567488f844f01d72840f7ab6ca18114a11f20d"},{"reference_url":"https://github.com/apache/camel/commit/7567488f844f01d72840f7ab6ca18114a11f20d8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/7567488f844f01d72840f7ab6ca18114a11f20d8"},{"reference_url":"https://github.com/apache/camel/commit/83fef7108456eeac1506853d194cd1360851c4fe","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/83fef7108456eeac1506853d194cd1360851c4fe"},{"reference_url":"https://github.com/apache/camel/commit/881e5099f94316d4a66ffbff0a3e6915829d49d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/881e5099f94316d4a66ffbff0a3e6915829d49d"},{"reference_url":"https://github.com/apache/camel/commit/881e5099f94316d4a66ffbff0a3e6915829d49d7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/881e5099f94316d4a66ffbff0a3e6915829d49d7"},{"reference_url":"https://github.com/apache/camel/commit/8c862aa11e31d0f804c4a4516a0715e05e3eebcf","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/8c862aa11e31d0f804c4a4516a0715e05e3eebcf"},{"reference_url":"https://github.com/apache/camel/commit/abb45b2c2ada2bbb34138230540b37d259c1e98d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/abb45b2c2ada2bbb34138230540b37d259c1e98d"},{"reference_url":"https://github.com/apache/camel/commit/af3f54de35a90a5a49a4af4622e8bd1011bf5ec","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/af3f54de35a90a5a49a4af4622e8bd1011bf5ec"},{"reference_url":"https://github.com/apache/camel/commit/c93a87c36aa4d14ad6f7ee1df9507fa2ca1fd91","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/c93a87c36aa4d14ad6f7ee1df9507fa2ca1fd91"},{"reference_url":"https://github.com/apache/camel/commit/ccf149c76bf37adc5977dc626e141a14e60b5ae","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/ccf149c76bf37adc5977dc626e141a14e60b5ae"},{"reference_url":"https://github.com/apache/camel/commit/ccf149c76bf37adc5977dc626e141a14e60b5aee","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/ccf149c76bf37adc5977dc626e141a14e60b5aee"},{"reference_url":"https://github.com/apache/camel/commit/d4102512147eca2af21c3b6ed63a67d852f4e66","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/camel/commit/d4102512147eca2af21c3b6ed63a67d852f4e66"},{"reference_url":"https://github.com/apache/camel/commit/d4102512147eca2af21c3b6ed63a67d852f4e66a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/d4102512147eca2af21c3b6ed63a67d852f4e66a"},{"reference_url":"https://issues.apache.org/jira/browse/CAMEL-10567","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/CAMEL-10567"},{"reference_url":"https://issues.apache.org/jira/browse/CAMEL-10604","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/CAMEL-10604"},{"reference_url":"https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"},{"reference_url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/05/22/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2017/05/22/2"},{"reference_url":"http://www.securityfocus.com/bid/97179","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/97179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420832","reference_id":"1420832","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420832"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8749","reference_id":"CVE-2016-8749","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8749"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53340?format=json","purl":"pkg:maven/org.apache.camel/camel-jackson@2.16.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-jackson@2.16.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53341?format=json","purl":"pkg:maven/org.apache.camel/camel-jackson@2.17.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-jackson@2.17.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53342?format=json","purl":"pkg:maven/org.apache.camel/camel-jackson@2.18.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-jackson@2.18.2"}],"aliases":["CVE-2016-8749","GHSA-vvjc-q5vr-52q6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkw3-29b4-b3hq"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-jackson@2.15.4"}