Vulnerabilities > Apache > Camel > 2.20.0

DATE CVE VULNERABILITY TITLE RISK
2019-05-28 CVE-2019-0188 XXE vulnerability in multiple products
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library.
network
low complexity
oracle apache CWE-611
7.5
7.5
2018-09-17 CVE-2018-8041 Path Traversal vulnerability in Apache Camel
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
network
low complexity
apache CWE-22
5.3
5.3
2018-07-31 CVE-2018-8027 XXE vulnerability in Apache Camel
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
network
low complexity
apache CWE-611
critical
 9.8
9.8
2017-11-15 CVE-2017-12634 Deserialization of Untrusted Data vulnerability in Apache Camel
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2017-11-15 CVE-2017-12633 Deserialization of Untrusted Data vulnerability in Apache Camel
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability.
network
low complexity
apache CWE-502
critical
 9.8
9.8