Search for packages
| purl | pkg:maven/org.apache.camel/camel-core@2.10.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-423h-njb8-3uam
Aliases: CVE-2013-4330 GHSA-x9fv-c87w-55wc |
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-579q-qqj8-63gs
Aliases: CVE-2019-0194 GHSA-4wjq-69rc-8wcp |
Path Traversal Apache Camel's File is vulnerable to directory traversal. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-aard-mgx9-rff2
Aliases: CVE-2015-0263 GHSA-3hrc-f439-727g |
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-et64-wksj-qyhj
Aliases: CVE-2017-5643 GHSA-vq9j-jh62-5hmp |
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-k4un-d8uk-ryhe
Aliases: CVE-2014-0003 GHSA-h6rp-8v4j-hwph |
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-m8hb-4rwu-jkcy
Aliases: CVE-2015-0264 GHSA-mhx2-r3jx-g94c |
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-n8rf-enh6-q3bq
Aliases: CVE-2019-0188 GHSA-h896-mx9x-g32g |
Apache Camel contains an XML external entity injection vulnerability due to using an outdated vulnerable JSON-lib library. This affects only the `camel-xmljson` component, which was removed. |
Affected by 0 other vulnerabilities. |
|
VCID-uwkp-1etw-kkag
Aliases: CVE-2014-0002 GHSA-2fw5-rvf2-jq56 |
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||