Note:
This project will be discontinued after December 13, 2021.
Product: Camel (Apache)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 22 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-11-15 | CVE-2017-12634 | The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. | Camel | 9.8 | ||
2018-07-31 | CVE-2018-8027 | Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | Camel | 9.8 | ||
2018-09-17 | CVE-2018-8041 | Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. | Camel | 5.3 | ||
2019-04-30 | CVE-2019-0194 | Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. | Camel | 7.5 | ||
2019-05-28 | CVE-2019-0188 | Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. | Camel, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_repository, Flexcube_private_banking | 7.5 | ||
2020-05-14 | CVE-2020-11971 | Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. | Camel, Communications_diameter_intelligence_hub, Communications_diameter_signaling_router, Enterprise_manager_base_platform, Flexcube_private_banking | 7.5 | ||
2020-07-08 | CVE-2020-11994 | Server-Side Template Injection and arbitrary file disclosure on Camel templating components | Camel, Communications_diameter_signaling_router, Enterprise_manager_base_platform, Enterprise_repository | 7.5 | ||
2013-10-04 | CVE-2013-4330 | Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. | Camel | N/A | ||
2014-03-21 | CVE-2014-0002 | The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | Camel | N/A | ||
2014-03-21 | CVE-2014-0003 | The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. | Camel | N/A |