RSS   Vulnerabilities for 'Camel'   RSS

2020-07-08
 
CVE-2020-11994

CWE-74
 

 
Server-Side Template Injection and arbitrary file disclosure on Camel templating components

 
2020-05-14
 
CVE-2020-11973

CWE-502
 

 
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

 
 
CVE-2020-11972

CWE-502
 

 
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

 
 
CVE-2020-11971

CWE-20
 

 
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

 
2019-05-28
 
CVE-2019-0188

CWE-611
 

 
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.

 
2019-04-30
 
CVE-2019-0194

CWE-22
 

 
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

 
2018-09-17
 
CVE-2018-8041

CWE-22
 

 
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.

 
2018-07-31
 
CVE-2018-8027

CWE-611
 

 
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.

 
2017-11-15
 
CVE-2017-12634

CWE-502
 

 
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

 
 
CVE-2017-12633

CWE-502
 

 
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

 


Copyright 2021, cxsecurity.com

 

Back to Top