CVE-2015-5344: camel-xstream: Java object de-serialization vulnerability leads to RCE

Severity: Critical

CVSS Score: 9.8

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.