Maven package
org.apache.camel/camel-core
pkg:maven/org.apache.camel/camel-core
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22371 | — | >= 3.0.0, < 3.21.4 | 3.21.4 | Feb 26, 2024 | Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4. | ||
| CVE-2020-11971 | — | < 3.2.0 | 3.2.0 | May 14, 2020 | Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. | ||
| CVE-2019-0188 | — | < 2.24.0 | 2.24.0 | May 28, 2019 | Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. | ||
| CVE-2019-0194 | — | >= 2.21.0, < 2.21.5 | 2.21.5 | Apr 30, 2019 | Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. | ||
| CVE-2018-8027 | — | >= 2.20.0, < 2.20.4 | 2.20.4 | Jul 31, 2018 | Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | ||
| CVE-2017-5643 | Hig | 7.4 | < 2.17.6 | 2.17.6 | Mar 16, 2017 | Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | |
| CVE-2015-0264 | — | < 2.13.4 | 2.13.4 | Jun 3, 2015 | Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath quer | ||
| CVE-2015-0263 | — | < 2.13.4 | 2.13.4 | Jun 3, 2015 | XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. | ||
| CVE-2014-0003 | — | >= 2.11.0, < 2.11.4 | 2.11.4 | Mar 21, 2014 | The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. | ||
| CVE-2014-0002 | — | < 2.11.4 | 2.11.4 | Mar 21, 2014 | The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to a | ||
| CVE-2013-4330 | — | < 2.9.7 | 2.9.7 | Oct 4, 2013 | Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. |
- CVE-2024-22371Feb 26, 2024affected >= 3.0.0, < 3.21.4fixed 3.21.4
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.
- CVE-2020-11971May 14, 2020affected < 3.2.0fixed 3.2.0
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
- CVE-2019-0188May 28, 2019affected < 2.24.0fixed 2.24.0
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
- CVE-2019-0194Apr 30, 2019affected >= 2.21.0, < 2.21.5fixed 2.21.5
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
- CVE-2018-8027Jul 31, 2018affected >= 2.20.0, < 2.20.4fixed 2.20.4
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
- affected < 2.17.6fixed 2.17.6
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
- CVE-2015-0264Jun 3, 2015affected < 2.13.4fixed 2.13.4
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath quer
- CVE-2015-0263Jun 3, 2015affected < 2.13.4fixed 2.13.4
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
- CVE-2014-0003Mar 21, 2014affected >= 2.11.0, < 2.11.4fixed 2.11.4
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
- CVE-2014-0002Mar 21, 2014affected < 2.11.4fixed 2.11.4
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to a
- CVE-2013-4330Oct 4, 2013affected < 2.9.7fixed 2.9.7
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.