CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2019-0188
https://notcve.org/view.php?id=CVE-2019-0188
28 May 2019 — Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. Apache Camel en versiones anteriores a la 2.24.0 contiene una vulnerabilidad de XML external entity injection (XXE) (CWE-611) debido al uso de una biblioteca JSON-lib obsoleta y vulnerable. Esto afecta solo al componente Camel-xmljson, que se eliminó. • http://jvn.jp/en/jp/JVN71498764/index.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1CVE-2019-0194 – camel: Directory traversal in file producer
https://notcve.org/view.php?id=CVE-2019-0194
30 Apr 2019 — Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. El archivo de Apache Camel es vulnerable a un salto de directorio. Camel versiones desde 2.21.0 hasta 2.21.3, desde 2.22.0 hasta 2.22.2, 2.23.0 y las versiones 2.x (2.19 y anteriores) sin soporte también pueden verse afectadas. • http://www.openwall.com/lists/oss-security/2019/04/30/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2017-12633 – camel-hessian: Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks
https://notcve.org/view.php?id=CVE-2017-12633
15 Nov 2017 — The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. El componente camel-hessian en Apache Camel en versiones 2.x anteriores a la 2.19.4 y las versiones 2.20.x anteriores a la 2.20.1 es vulnerable a una deserialización de objetos Java. La deserialización de datos no fiables puede conducir a fallos de seguridad. It was found that Apache Camel contains a secu... • http://camel.apache.org/security-advisories.data/CVE-2017-12633.txt.asc • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2017-12634 – camel-castor: Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks
https://notcve.org/view.php?id=CVE-2017-12634
15 Nov 2017 — The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. El componente camel-castor en Apache Camel en versiones 2.x anteriores a la 2.19.4 y las versiones 2.20.x anteriores a la 2.20.1 es vulnerable a una deserialización de objetos Java. La deserialización de datos no fiables puede conducir a fallos de seguridad. It was found that Apache Camel contains a securi... • http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 0CVE-2017-5643 – camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE
https://notcve.org/view.php?id=CVE-2017-5643
16 Mar 2017 — Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. Apache Camel's Validation Component es vulnerable contra ataques de SSRF a través de DTDs y XXE remotos. It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XML External Entitie... • http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2 • CWE-918: Server-Side Request Forgery (SSRF) •