org.apache.camel:camel-core
Maven11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.camel:camel-corepage 1 of 1
- CVE-2013-4330NONECVSS 0.0✓ Fixed in 2.12.12013-10-04
vulnerable: 2.12.0
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP …
- CVE-2014-0002NONECVSS 0.0✓ Fixed in 2.12.32014-03-21
vulnerable: 2.12.0, 2.12.1, 2.12.2
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjuncti…
- CVE-2014-0003NONECVSS 0.0✓ Fixed in 2.12.32014-03-21
vulnerable: 2.12.0, 2.12.1, 2.12.2
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
- CVE-2015-0263NONECVSS 0.0EG 0.0✓ Fixed in 2.14.22015-06-03
vulnerable: 2.14.0, 2.14.1
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXS…
- CVE-2015-0264NONECVSS 0.0EG 0.0✓ Fixed in 2.14.22015-06-03
vulnerable: 2.14.0, 2.14.1
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String o…
- CVE-2017-5643HIGHCVSS 7.4EG 7.4✓ Fixed in 2.18.22017-03-16
vulnerable: 2.18.0, 2.18.1
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
- CVE-2018-8027CRITICALCVSS 9.8✓ Fixed in 2.21.12018-07-31
vulnerable: 2.21.0
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
- CVE-2019-0188HIGHCVSS 7.5✓ Fixed in 2.24.02019-05-28
vulnerable: 1.0.0 ... 2.9.8 (128 versions)
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
- CVE-2019-0194HIGHCVSS 7.5✓ Fixed in 2.23.12019-04-30
vulnerable: 2.23.0
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
- CVE-2020-11971HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2.02020-05-14
vulnerable: 1.0.0 ... 3.1.0 (147 versions)
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
- CVE-2024-22371LOWCVSS 2.9EG 2.9✓ Fixed in 4.4.02024-02-26
vulnerable: 4.1.0, 4.2.0, 4.3.0
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.2…
Check whether org.apache.camel:camel-core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.camel:camel-core CVEs against the assets you own.
Start Free Scan →