Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11972 | 2 Apache, Oracle | 4 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. | |||||
| CVE-2020-11971 | 2 Apache, Oracle | 5 Camel, Communications Diameter Intelligence Hub, Communications Diameter Signaling Router and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. | |||||
| CVE-2019-0194 | 1 Apache | 1 Camel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. | |||||
| CVE-2019-0188 | 2 Apache, Oracle | 5 Camel, Enterprise Data Quality, Enterprise Manager Base Platform and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. | |||||
| CVE-2018-8041 | 1 Apache | 1 Camel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. | |||||
| CVE-2018-8027 | 1 Apache | 1 Camel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. | |||||