Vulnerability in Apache Camel
CVE-2019-0188
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) because it uses an outdated, vulnerable JSON-lib library. Only the camel-xmljson component is affected, and that component was removed.
EPSS: 0.010 (76.9th percentile)
Affected products
- Apache Camel — versions prior to 2.24.0
References
- JVN#71498764 (third-party-advisory, x_refsource_JVN)
- 108422 (vdb-entry, x_refsource_BID)
- [camel-users] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel (mailing-list, x_refsource_MLIST)
- [oss-security] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel (mailing-list, x_refsource_MLIST)
- [tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater opened a new pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188 (mailing-list, x_refsource_MLIST)
- [tamaya-dev] 20190607 [jira] [Created] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188 (mailing-list, x_refsource_MLIST)
- [tamaya-commits] 20190607 [incubator-tamaya-sandbox] branch master updated: TAMAYA-410 bump camel-core version past CVE-2019-0188 (mailing-list, x_refsource_MLIST)
- [tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater merged pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188 (mailing-list, x_refsource_MLIST)
- [tamaya-dev] 20190607 [jira] [Closed] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188 (mailing-list, x_refsource_MLIST)
- [tamaya-dev] 20190607 [jira] [Commented] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188 (mailing-list, x_refsource_MLIST)