Apache Software Foundation Camel 2.22.5

CPE Details

Apache Software Foundation Camel 2.22.5
apache
camel
2.22.5
2020-05-18
12h20 +00:00
2020-05-18
12h20 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:camel:2.22.5:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

camel

Version

2.22.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-11994 2020-07-08 13h13 +00:00 Server-Side Template Injection and arbitrary file disclosure on Camel templating components
7.5
High
CVE-2020-11972 2020-05-14 14h26 +00:00 Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
9.8
Critical
CVE-2020-11973 2020-05-14 14h22 +00:00 Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
9.8
Critical
CVE-2020-11971 2020-05-14 14h18 +00:00 Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
7.5
High
CVE-2019-0188 2019-05-28 16h10 +00:00 Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
7.5
High