Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Camel
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-06-03 | CVE-2015-0264 | Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. | Camel | N/A | ||
| 2016-02-03 | CVE-2015-5344 | The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | Camel | 9.8 | ||
| 2016-04-15 | CVE-2015-5348 | Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | Camel | 8.1 | ||
| 2017-03-07 | CVE-2017-3159 | Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws. | Camel | 9.8 | ||
| 2017-03-16 | CVE-2017-5643 | Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | Camel | 7.4 | ||
| 2017-03-28 | CVE-2016-8749 | Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. | Camel | 9.8 | ||
| 2017-11-15 | CVE-2017-12633 | The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. | Camel | 9.8 | ||
| 2017-11-15 | CVE-2017-12634 | The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. | Camel | 9.8 | ||
| 2018-07-31 | CVE-2018-8027 | Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | Camel | 9.8 | ||
| 2018-09-17 | CVE-2018-8041 | Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. | Camel | 5.3 |