Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Apache Subscribe
Filtered by product Camel

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5529 4 Apache, Canonical, Debian and 1 more 4 Camel, Ubuntu Linux, Debian Linux and 1 more 2023-12-07 6.8 MEDIUM 8.1 HIGH
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
CVE-2020-11971 2 Apache, Oracle 5 Camel, Communications Diameter Intelligence Hub, Communications Diameter Signaling Router and 2 more 2022-05-12 5.0 MEDIUM 7.5 HIGH
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
CVE-2020-11994 1 Apache 1 Camel 2021-10-20 5.0 MEDIUM 7.5 HIGH
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
CVE-2019-0188 2 Apache, Oracle 5 Camel, Enterprise Data Quality, Enterprise Manager Base Platform and 2 more 2021-03-15 5.0 MEDIUM 7.5 HIGH
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
CVE-2019-0194 1 Apache 1 Camel 2019-05-24 5.0 MEDIUM 7.5 HIGH
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
CVE-2017-5643 1 Apache 1 Camel 2019-05-24 5.8 MEDIUM 7.4 HIGH
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVE-2015-5348 1 Apache 1 Camel 2019-05-24 6.8 MEDIUM 8.1 HIGH
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.