Red Hat Bugzilla – Bug 1303609
CVE-2015-5344 camel-xstream: Java object de-serialization vulnerability leads to RCE
Last modified: 2016-10-14 16:47:23 EDT
A Java object de-serialization vulnerability in the camel-xstream component was reported, leading to possible remote code execution.
JIRA ticket referring to various commits that resolved the issue:
Currently scheduled for the Fuse 6.3 release. If you need this feature earlier, please let us know by commenting here.
This issue has been addressed in the following products:
Red Hat JBoss Fuse 6.3
Via RHSA-2016:2035 https://rhn.redhat.com/errata/RHSA-2016-2035.html