Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-20
Updated
2024-02-20
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
Max CVSS
2.9
EPSS Score
0.04%
Published
2024-02-26
Updated
2024-02-26
Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-20
Updated
2024-02-20
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1
Max CVSS
3.3
EPSS Score
0.04%
Published
2023-07-10
Updated
2023-07-17
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Max CVSS
9.8
EPSS Score
0.04%
Published
2022-12-05
Updated
2022-12-19
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
Max CVSS
7.5
EPSS Score
0.45%
Published
2020-07-08
Updated
2022-04-01
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
Max CVSS
9.8
EPSS Score
0.97%
Published
2020-05-14
Updated
2022-10-05
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
Max CVSS
9.8
EPSS Score
0.80%
Published
2020-05-14
Updated
2021-03-15
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
Max CVSS
7.5
EPSS Score
0.12%
Published
2020-05-14
Updated
2022-05-12
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
Max CVSS
8.1
EPSS Score
0.40%
Published
2020-02-11
Updated
2023-12-07
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
Max CVSS
7.5
EPSS Score
30.73%
Published
2019-04-30
Updated
2019-05-24
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
Max CVSS
7.5
EPSS Score
0.52%
Published
2019-05-28
Updated
2021-03-15
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
Max CVSS
5.3
EPSS Score
4.57%
Published
2018-09-17
Updated
2019-05-24
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
Max CVSS
9.8
EPSS Score
0.86%
Published
2018-07-31
Updated
2019-05-24
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
Max CVSS
9.8
EPSS Score
0.36%
Published
2017-11-15
Updated
2019-05-24
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
Max CVSS
9.8
EPSS Score
0.43%
Published
2017-11-15
Updated
2019-05-24
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
Max CVSS
7.4
EPSS Score
0.68%
Published
2017-03-16
Updated
2019-05-24
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.
Max CVSS
9.8
EPSS Score
0.92%
Published
2017-03-07
Updated
2019-05-24
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
Max CVSS
9.8
EPSS Score
8.84%
Published
2017-03-28
Updated
2019-05-24
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
Max CVSS
8.1
EPSS Score
0.90%
Published
2016-04-15
Updated
2019-05-24
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
Max CVSS
9.8
EPSS Score
0.99%
Published
2016-02-03
Updated
2019-05-24
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
Max CVSS
5.0
EPSS Score
0.95%
Published
2015-06-03
Updated
2019-05-24
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
Max CVSS
5.0
EPSS Score
0.41%
Published
2015-06-03
Updated
2019-05-24
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
Max CVSS
7.5
EPSS Score
55.43%
Published
2014-03-21
Updated
2023-02-13
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Max CVSS
7.5
EPSS Score
43.45%
Published
2014-03-21
Updated
2023-02-13
26 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!