JBERET-481 (project: JBeret)

Upgrade camel-core from 2.23.0 to 2.24 to address security vulnerability

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.4.0.Final
    • 1.3.3.Final
    • jberet-camel
    • None

    Description

      https://github.com/jberet/jsr352/network/alert/pom.xml/org.apache.camel:camel-core/open

      Remediation
      Upgrade org.apache.camel:camel-core to version 2.23.1 or later. For example:

      <dependency>
        <groupId>org.apache.camel</groupId>
        <artifactId>camel-core</artifactId>
        <version>[2.23.1,)</version>
      </dependency>
      Always verify the validity and compatibility of suggestions with your codebase.

      Details
      CVE-2019-0194
      moderate severity
      Vulnerable versions: = 2.23.0
      Patched version: 2.23.1
      Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may also be affected.

      https://github.com/jberet/jsr352/network/alert/pom.xml/org.apache.camel:camel-core/open

      Remediation
      Upgrade org.apache.camel:camel-core to version 2.24.0 or later. For example:

      <dependency>
        <groupId>org.apache.camel</groupId>
        <artifactId>camel-core</artifactId>
        <version>[2.24.0,)</version>
      </dependency>
      Always verify the validity and compatibility of suggestions with your codebase.

      CVE-2019-0188
      moderate severity
      Vulnerable versions: < 2.24.0
      Patched version: 2.24.0
      Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.

          People

            cfang@redhat.com Cheng Fang