CVE-2015-5344: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

October 16, 2018 (updated September 13, 2021)

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

References

github.com/advisories/GHSA-gv5f-cjw9-5vxg
nvd.nist.gov/vuln/detail/CVE-2015-5344

Code Behaviors & Features

Detect and mitigate CVE-2015-5344 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →