CVE-2019-0188
https://notcve.org/view.php?id=CVE-2019-0188
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. Apache Camel en versiones anteriores a la 2.24.0 contiene una vulnerabilidad de XML external entity injection (XXE) (CWE-611) debido al uso de una biblioteca JSON-lib obsoleta y vulnerable. Esto afecta solo al componente Camel-xmljson, que se eliminó. • http://jvn.jp/en/jp/JVN71498764/index.html http://www.openwall.com/lists/oss-security/2019/05/24/2 http://www.securityfocus.com/bid/108422 https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc https://lists.apache.org/thread.html/00118387610522b107cbdcec5369ddd512b576ff0236a02bfca12f44%40%3Cusers.camel.apache.org%3E https://lists.apache.org/thread.html/45349f8bd98c1c13a84beddede18fe79b8619ebab99d90f1fb43d7ab%40%3Cdev.tamaya.apache.org%3E https://lists.apache.or • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2019-0194 – camel: Directory traversal in file producer
https://notcve.org/view.php?id=CVE-2019-0194
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. El archivo de Apache Camel es vulnerable a un salto de directorio. Camel versiones desde 2.21.0 hasta 2.21.3, desde 2.22.0 hasta 2.22.2, 2.23.0 y las versiones 2.x (2.19 y anteriores) sin soporte también pueden verse afectadas. • http://www.openwall.com/lists/oss-security/2019/04/30/2 http://www.securityfocus.com/bid/108181 https://lists.apache.org/thread.html/0a163d02169d3d361150e8183df4af33f1a3d8a419b2937ac8e6c66f%40%3Cusers.camel.apache.org%3E https://lists.apache.org/thread.html/0cb842f367336b352a7548e290116b64b78b8e7b99402deaba81a687%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/45e23ade8d3cb754615f95975e89e8dc73c59eeac914f07d53acbac6%40& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-8041 – camel-mail: path traversal vulnerability
https://notcve.org/view.php?id=CVE-2018-8041
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. Apache Camel's Mail, desde la versión 2.20.0 hasta la 2.20.3, de la versión 2.21.0 hasta la 2.21.1 y desde la 2.22.0 es vulnerable a un salto de directorio. • http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2 http://www.securityfocus.com/bid/105352 https://access.redhat.com/errata/RHSA-2018:3768 https://issues.apache.org/jira/browse/CAMEL-12630 https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E https://access.redhat.com/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-8027
https://notcve.org/view.php?id=CVE-2018-8027
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. Apache Camel, de la versión 2.20.0 a la 2.20.3 y en la versión 2.21.0 Core es vulnerable a XEE (XML External Entity) en el procesador de validación XSD. • http://camel.apache.org/security-advisories.data/CVE-2018-8027.txt.asc http://www.securityfocus.com/bid/104933 https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/77f596fc63e63c2e9adcff3c34759b32c225cf0b582aedb755adaade%40%3Cdev.camel.apache.org%3E https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2017-12633 – camel-hessian: Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks
https://notcve.org/view.php?id=CVE-2017-12633
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. El componente camel-hessian en Apache Camel en versiones 2.x anteriores a la 2.19.4 y las versiones 2.20.x anteriores a la 2.20.1 es vulnerable a una deserialización de objetos Java. La deserialización de datos no fiables puede conducir a fallos de seguridad. It was found that Apache Camel contains a security vulnerability via camel-hessian component. • http://camel.apache.org/security-advisories.data/CVE-2017-12633.txt.asc http://www.securityfocus.com/bid/101874 https://access.redhat.com/errata/RHSA-2018:0319 https://issues.apache.org/jira/browse/CAMEL-11923 https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E https://access.redhat.com/security/cve/CVE-2017-12633 https:/ • CWE-502: Deserialization of Untrusted Data •