Vulnerabilities > Apache > Camel > 2.10.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-28 | CVE-2019-0188 | XXE vulnerability in multiple products Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. | 7.5 |
| 2019-04-30 | CVE-2019-0194 | Path Traversal vulnerability in Apache Camel Apache Camel's File is vulnerable to directory traversal. | 7.5 |
| 2017-11-15 | CVE-2017-12634 | Deserialization of Untrusted Data vulnerability in Apache Camel The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. | 9.8 |
| 2017-11-15 | CVE-2017-12633 | Deserialization of Untrusted Data vulnerability in Apache Camel The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. | 9.8 |
| 2017-03-16 | CVE-2017-5643 | Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | 7.4 |
| 2017-03-07 | CVE-2017-3159 | Deserialization of Untrusted Data vulnerability in Apache Camel Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. | 9.8 |
| 2016-04-15 | CVE-2015-5348 | Data Processing Errors vulnerability in Apache Camel Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | 8.1 |
| 2016-02-03 | CVE-2015-5344 | Data Processing Errors vulnerability in Apache Camel The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | 9.8 |