Filtered by vendor Apache Subscriptions
Filtered by product Camel Subscriptions
Total 23 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-22369 1 Apache 1 Camel 2024-11-21 7.8 High
Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
CVE-2023-34442 1 Apache 1 Camel 2024-11-21 3.3 Low
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1
CVE-2020-5529 4 Apache, Canonical, Debian and 1 more 4 Camel, Ubuntu Linux, Debian Linux and 1 more 2024-11-21 8.1 High
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
CVE-2020-11994 3 Apache, Oracle, Redhat 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more 2024-11-21 7.5 High
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
CVE-2020-11973 3 Apache, Oracle, Redhat 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more 2024-11-21 9.8 Critical
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11972 3 Apache, Oracle, Redhat 5 Camel, Communications Diameter Signaling Router, Enterprise Manager Base Platform and 2 more 2024-11-21 9.8 Critical
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVE-2020-11971 3 Apache, Oracle, Redhat 6 Camel, Communications Diameter Intelligence Hub, Communications Diameter Signaling Router and 3 more 2024-11-21 7.5 High
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
CVE-2019-0194 2 Apache, Redhat 2 Camel, Jboss Fuse 2024-11-21 N/A
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
CVE-2019-0188 2 Apache, Oracle 5 Camel, Enterprise Data Quality, Enterprise Manager Base Platform and 2 more 2024-11-21 7.5 High
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
CVE-2018-8041 2 Apache, Redhat 2 Camel, Jboss Fuse 2024-11-21 N/A
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
CVE-2018-8027 1 Apache 1 Camel 2024-11-21 N/A
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
CVE-2017-5643 2 Apache, Redhat 3 Camel, Jboss Amq, Jboss Fuse 2024-11-21 N/A
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVE-2017-3159 2 Apache, Redhat 3 Camel, Jboss Amq, Jboss Fuse 2024-11-21 N/A
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2017-12634 2 Apache, Redhat 3 Camel, Jboss Amq, Jboss Fuse 2024-11-21 N/A
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2017-12633 2 Apache, Redhat 3 Camel, Jboss Amq, Jboss Fuse 2024-11-21 N/A
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVE-2016-8749 2 Apache, Redhat 3 Camel, Jboss Amq, Jboss Fuse 2024-11-21 N/A
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
CVE-2015-5348 2 Apache, Redhat 2 Camel, Jboss Fuse 2024-11-21 N/A
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
CVE-2015-5344 2 Apache, Redhat 2 Camel, Jboss Fuse 2024-11-21 N/A
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
CVE-2015-0264 2 Apache, Redhat 6 Camel, Jboss Amq, Jboss Bpms and 3 more 2024-11-21 N/A
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
CVE-2015-0263 2 Apache, Redhat 6 Camel, Jboss Amq, Jboss Bpms and 3 more 2024-11-21 N/A
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.