Apache Software Foundation Camel

CPE Details

Apache Software Foundation Camel
apache
camel
-
2021-07-26
14h27 +00:00
2021-07-27
17h25 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:camel:-:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

camel

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-5529 2020-02-11 07h35 +00:00 HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
8.1
High
CVE-2019-0188 2019-05-28 16h10 +00:00 Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
7.5
High
CVE-2017-5643 2017-03-16 14h00 +00:00 Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
7.4
High
CVE-2017-3159 2017-03-07 14h00 +00:00 Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.
9.8
Critical
CVE-2015-5344 2016-02-03 14h00 +00:00 The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
9.8
Critical
CVE-2015-0263 2015-06-03 18h00 +00:00 XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
5
CVE-2015-0264 2015-06-03 18h00 +00:00 Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
5
CVE-2014-0002 2014-03-20 18h00 +00:00 The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
7.5
CVE-2014-0003 2014-03-20 18h00 +00:00 The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
7.5
CVE-2013-4330 2013-10-04 15h00 +00:00 Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
6.8