5 results (0.003 seconds)

CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0

10 Jul 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1 • https://lists.apache.org/thread/x4vy2hhbltb1xrvy1g6m8hpjgj2k7wgh • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

08 Jul 2020 — Server-Side Template Injection and arbitrary file disclosure on Camel templating components Una Inyección de Plantilla del Lado de Servidor y divulgación de archivos arbitrarios en componentes de plantillas Camel A flaw was found in camel. Camel's templating components are suseptable to Server-Side Template Injection and arbitrary file disclosure. The highest threat from this vulnerability is to data confidentiality. Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and i... • https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.8EPSS: 4%CPEs: 7EXPL: 0

14 May 2020 — Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel RabbitMQ permite una deserialización de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 están afectadas. Los usuarios de la versión 2.x deben actualizar a la versión 2.25.1, los usuarios de la versión 3.x deben actualizar a la versión 3.2.0. • http://www.openwall.com/lists/oss-security/2020/05/14/10 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 9%CPEs: 7EXPL: 0

14 May 2020 — Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Apache Camel Netty permite una deserialización de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 están afectadas. Los usuarios de la versión 2.x deben actualizar a la versión 2.25.1, los usuarios de la versión 3.x deben actualizar a la versión 3.2.0. • http://www.openwall.com/lists/oss-security/2020/05/14/9 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0

14 May 2020 — Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. El JMX de Apache Camel es vulnerable a Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 hasta la versión 3.1.0 se ve afectado. • http://www.openwall.com/lists/oss-security/2020/05/14/7 • CWE-20: Improper Input Validation •