Vulnerabilities for 'Camel'

2018-09-17
 
CVE-2018-8041

CWE-22
 

 
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.

 
2018-07-31
 
CVE-2018-8027

CWE-611
 

 
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in the XSD validation processor.

 
2017-11-15
 
CVE-2017-12634

CWE-502
 

 
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

 
 
CVE-2017-12633

CWE-502
 

 
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

 
2017-03-28
 
CVE-2016-8749

CWE-502
 

 
Apache Camel's Jackson and JacksonXML unmarshalling operations are vulnerable to Remote Code Execution attacks.

 
2017-03-16
 
CVE-2017-5643

CWE-918
 

 
Apache Camel's Validation Component is vulnerable to SSRF via remote DTDs and XXE.

 
2017-03-07
 
CVE-2017-3159

CWE-502
 

 
Apache Camel's camel-snakeyaml component is vulnerable to a Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.

 
 
CVE-2016-9571

 

 
Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to a Java object de-serialization vulnerability. Camel allows such a type to be specified through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.

 
2016-04-15
 
CVE-2015-5348

CWE-19
 

 
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

 
2016-02-03
 
CVE-2015-5344

CWE-19
 

 
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

 


Copyright 2019, cxsecurity.com

 
