Apache

Camel

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-30177

  • EPSS 0.16%
  • Veröffentlicht 01.04.2025 12:15:15
  • Zuletzt bearbeitet 15.04.2025 13:00:12

Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10...

4.8

CVE-2025-29891

Exploit
  • EPSS 0.13%
  • Veröffentlicht 12.03.2025 14:42:59
  • Zuletzt bearbeitet 02.04.2025 20:37:07

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS a...

5.6

CVE-2025-27636

Exploit
  • EPSS 33.09%
  • Veröffentlicht 09.03.2025 13:15:34
  • Zuletzt bearbeitet 23.06.2025 18:54:52

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to v...

7.5

CVE-2024-22371

  • EPSS 0.44%
  • Veröffentlicht 26.02.2024 16:27:56
  • Zuletzt bearbeitet 25.04.2025 18:56:25

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through...

9.8

CVE-2024-23114

  • EPSS 0.83%
  • Veröffentlicht 20.02.2024 15:15:10
  • Zuletzt bearbeitet 02.04.2025 20:19:16

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Ap...

7.8

CVE-2024-22369

  • EPSS 3.56%
  • Veröffentlicht 20.02.2024 15:15:10
  • Zuletzt bearbeitet 02.04.2025 20:17:04

Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to ...

3.3

CVE-2023-34442

  • EPSS 0.04%
  • Veröffentlicht 10.07.2023 16:15:52
  • Zuletzt bearbeitet 21.11.2024 08:07:15

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X thro...

7.5

CVE-2020-11994

  • EPSS 1.55%
  • Veröffentlicht 08.07.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:04

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

9.8

CVE-2020-11973

  • EPSS 8.42%
  • Veröffentlicht 14.05.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:01

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

9.8

CVE-2020-11972

  • EPSS 8.39%
  • Veröffentlicht 14.05.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:59:01

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.