Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
Advisories for Maven/Org.apache.camel/Camel-Mail package
2018
Improper Restriction of XML External Entity Reference
Apache Camel is vulnerable to XXE in XSD validation processor.