RSS   Vulnerabilities for 'Camel'   RSS

2017-11-15
 
CVE-2017-12634

CWE-502
 

 
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

 
 
CVE-2017-12633

CWE-502
 

 
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.

 
2017-03-28
 
CVE-2016-8749

CWE-502
 

 
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.

 
2017-03-16
 
CVE-2017-5643

CWE-918
 

 
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

 
2017-03-07
 
CVE-2017-3159

CWE-502
 

 
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.

 
 
CVE-2016-9571

 

 
Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialization vulnerability. Camel allows to specify such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.

 
2016-04-15
 
CVE-2015-5348

CWE-19
 

 
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

 
2016-02-03
 
CVE-2015-5344

CWE-19
 

 
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

 
2015-06-03
 
CVE-2015-0264

CWE-Other
 

 
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

 
 
CVE-2015-0263

CWE-Other
 

 
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

 


Copyright 2018, cxsecurity.com

 

Back to Top