Advisories for Maven/Org.apache.camel/Camel-Core package

2024

Apache Camel data exposure vulnerability

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.0.0 through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

2019
2018
2017
2015

XXE in Apache Camel

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in this package allow remote attackers to read arbitrary files via an external entity in an invalid XML String or GenericFile object in an XPath query.

2014

Read arbitrary files

The XSLT component in this package allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

2013