Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apache | First view | 2017-03-16 |
| Product | Camel | Last view | 2023-07-10 |
| Version | 2.18.2 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:apache:camel | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.3 | 2023-07-10 | CVE-2023-34442 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1 |
| 7.5 | 2020-07-08 | CVE-2020-11994 | Server-Side Template Injection and arbitrary file disclosure on Camel templating components |
| 9.8 | 2020-05-14 | CVE-2020-11973 | Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. |
| 9.8 | 2020-05-14 | CVE-2020-11972 | Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. |
| 7.5 | 2020-05-14 | CVE-2020-11971 | Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. |
| 7.5 | 2019-05-28 | CVE-2019-0188 | Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. |
| 7.5 | 2019-04-30 | CVE-2019-0194 | Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. |
| 5.3 | 2018-09-17 | CVE-2018-8041 | Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. |
| 9.8 | 2018-07-31 | CVE-2018-8027 | Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. |
| 9.8 | 2017-11-15 | CVE-2017-12634 | The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. |
| 9.8 | 2017-11-15 | CVE-2017-12633 | The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. |
| 7.4 | 2017-03-16 | CVE-2017-5643 | Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 44% (4) | CWE-502 | Deserialization of Untrusted Data |
| 22% (2) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
| 22% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 11% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
