CVE-2019-0194
- EPSS 8.48%
- Veröffentlicht 30.04.2019 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:27
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
CVE-2018-8041
- EPSS 9.85%
- Veröffentlicht 17.09.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:13:09
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
CVE-2018-8027
- EPSS 5.52%
- Veröffentlicht 31.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:13:07
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
CVE-2017-12634
- EPSS 7.19%
- Veröffentlicht 15.11.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2017-12633
- EPSS 7.13%
- Veröffentlicht 15.11.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2016-8749
- EPSS 10.6%
- Veröffentlicht 28.03.2017 18:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
CVE-2017-5643
- EPSS 4.89%
- Veröffentlicht 16.03.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVE-2017-3159
- EPSS 6.29%
- Veröffentlicht 07.03.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2015-5348
- EPSS 6.37%
- Veröffentlicht 15.04.2016 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java objec...
CVE-2015-5344
- EPSS 7.12%
- Veröffentlicht 03.02.2016 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.