CVE-2019-0188: XML external entity injection

May 28, 2019 (updated June 7, 2019)

Apache Camel contains an XML external entity injection vulnerability due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.

References

jvn.jp/en/jp/JVN71498764/index.html
www.securityfocus.com/bid/108422
github.com/apache/camel/releases/tag/camel-2.24.0
nvd.nist.gov/vuln/detail/CVE-2019-0188
www.openwall.com/lists/oss-security/2019/05/24/1
www.securityfocus.com/bid/108422/info

Detect and mitigate CVE-2019-0188 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →