CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2019-0188
https://notcve.org/view.php?id=CVE-2019-0188
28 May 2019 — Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. Apache Camel en versiones anteriores a la 2.24.0 contiene una vulnerabilidad de XML external entity injection (XXE) (CWE-611) debido al uso de una biblioteca JSON-lib obsoleta y vulnerable. Esto afecta solo al componente Camel-xmljson, que se eliminó. • http://jvn.jp/en/jp/JVN71498764/index.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1CVE-2019-0194 – camel: Directory traversal in file producer
https://notcve.org/view.php?id=CVE-2019-0194
30 Apr 2019 — Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. El archivo de Apache Camel es vulnerable a un salto de directorio. Camel versiones desde 2.21.0 hasta 2.21.3, desde 2.22.0 hasta 2.22.2, 2.23.0 y las versiones 2.x (2.19 y anteriores) sin soporte también pueden verse afectadas. • http://www.openwall.com/lists/oss-security/2019/04/30/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.3EPSS: 2%CPEs: 3EXPL: 0CVE-2018-8041 – camel-mail: path traversal vulnerability
https://notcve.org/view.php?id=CVE-2018-8041
17 Sep 2018 — Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. Apache Camel's Mail, desde la versión 2.20.0 hasta la 2.20.3, de la versión 2.21.0 hasta la 2.21.1 y desde la 2.22.0 es vulnerable a un salto de directorio. Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy inte... • http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2018-8027
https://notcve.org/view.php?id=CVE-2018-8027
31 Jul 2018 — Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. Apache Camel, de la versión 2.20.0 a la 2.20.3 y en la versión 2.21.0 Core es vulnerable a XEE (XML External Entity) en el procesador de validación XSD. • http://camel.apache.org/security-advisories.data/CVE-2018-8027.txt.asc • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2017-12633 – camel-hessian: Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks
https://notcve.org/view.php?id=CVE-2017-12633
15 Nov 2017 — The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. El componente camel-hessian en Apache Camel en versiones 2.x anteriores a la 2.19.4 y las versiones 2.20.x anteriores a la 2.20.1 es vulnerable a una deserialización de objetos Java. La deserialización de datos no fiables puede conducir a fallos de seguridad. It was found that Apache Camel contains a secu... • http://camel.apache.org/security-advisories.data/CVE-2017-12633.txt.asc • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2017-12634 – camel-castor: Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks
https://notcve.org/view.php?id=CVE-2017-12634
15 Nov 2017 — The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. El componente camel-castor en Apache Camel en versiones 2.x anteriores a la 2.19.4 y las versiones 2.20.x anteriores a la 2.20.1 es vulnerable a una deserialización de objetos Java. La deserialización de datos no fiables puede conducir a fallos de seguridad. It was found that Apache Camel contains a securi... • http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc • CWE-502: Deserialization of Untrusted Data •