<?xml version="1.0" encoding="utf-8" standalone="yes"?> <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> <channel> <title>Security on Apache Camel</title> <link>https://camel.apache.org/security/</link> <description>Recent content in Security on Apache Camel</description> <generator>Hugo -- gohugo.io</generator> <language>en-us</language> <lastBuildDate>Tue, 01 Apr 2025 07:30:42 +0200</lastBuildDate> <atom:link href="https://camel.apache.org/security/index.xml" rel="self" type="application/rss+xml" /> <item> <title>Apache Camel Security Advisory - CVE-2025-30177</title> <link>https://camel.apache.org/security/CVE-2025-30177.html</link> <pubDate>Tue, 01 Apr 2025 07:30:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2025-30177.html</guid> <description>Camel-Undertow Message Header Injection via Improper Filtering</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2025-29891</title> <link>https://camel.apache.org/security/CVE-2025-29891.html</link> <pubDate>Wed, 12 Mar 2025 07:30:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2025-29891.html</guid> <description>Camel Message Header Injection through request parameters</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2025-27636</title> <link>https://camel.apache.org/security/CVE-2025-27636.html</link> <pubDate>Sun, 09 Mar 2025 04:30:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2025-27636.html</guid> <description>Camel Message Header Injection via Improper Filtering</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2024-22371</title> <link>https://camel.apache.org/security/CVE-2024-22371.html</link> <pubDate>Mon, 19 Feb 2024 10:41:48 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2024-22371.html</guid> <description>Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data</description> </item> <item> 
<title>Apache Camel Security Advisory - CVE-2024-23114</title> <link>https://camel.apache.org/security/CVE-2024-23114.html</link> <pubDate>Mon, 19 Feb 2024 09:26:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2024-23114.html</guid> <description>Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2024-22369</title> <link>https://camel.apache.org/security/CVE-2024-22369.html</link> <pubDate>Mon, 19 Feb 2024 09:25:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2024-22369.html</guid> <description>Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2023-34442</title> <link>https://camel.apache.org/security/CVE-2023-34442.html</link> <pubDate>Fri, 07 Jul 2023 11:15:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2023-34442.html</guid> <description>Temporary File Local Information Disclosure in camel-jira</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2022-45046 (Retracted)</title> <link>https://camel.apache.org/security/CVE-2022-45046.html</link> <pubDate>Mon, 05 Dec 2022 08:47:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2022-45046.html</guid> <description>LDAP Injection in camel-ldap</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2020-11994</title> <link>https://camel.apache.org/security/CVE-2020-11994.html</link> <pubDate>Wed, 08 Jul 2020 08:47:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2020-11994.html</guid> <description>Server-Side Template Injection and arbitrary file disclosure on Camel templating components</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2020-11971</title> <link>https://camel.apache.org/security/CVE-2020-11971.html</link> <pubDate>Thu, 14 May 2020 14:47:42 +0200</pubDate> 
<guid>https://camel.apache.org/security/CVE-2020-11971.html</guid> <description>Apache Camel JMX Rebind Flaw Vulnerability</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2020-11972</title> <link>https://camel.apache.org/security/CVE-2020-11972.html</link> <pubDate>Thu, 14 May 2020 14:47:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2020-11972.html</guid> <description>Apache Camel RabbitMQ enables Java deserialization by default</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2020-11973</title> <link>https://camel.apache.org/security/CVE-2020-11973.html</link> <pubDate>Thu, 14 May 2020 14:47:42 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2020-11973.html</guid> <description>Apache Camel Netty enables Java deserialization by default</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2019-0188</title> <link>https://camel.apache.org/security/CVE-2019-0188.html</link> <pubDate>Mon, 27 May 2019 12:58:33 +0200</pubDate> <guid>https://camel.apache.org/security/CVE-2019-0188.html</guid> <description>Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2019-0194</title> <link>https://camel.apache.org/security/CVE-2019-0194.html</link> <pubDate>Tue, 30 Apr 2019 18:29:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2019-0194.html</guid> <description>Apache Camel&amp;rsquo;s File is vulnerable to directory traversal</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2018-8041</title> <link>https://camel.apache.org/security/CVE-2018-8041.html</link> <pubDate>Mon, 17 Sep 2018 10:29:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2018-8041.html</guid> <description>Apache Camel&amp;rsquo;s Mail is vulnerable to path traversal</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2018-8027</title> 
<link>https://camel.apache.org/security/CVE-2018-8027.html</link> <pubDate>Tue, 31 Jul 2018 09:29:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2018-8027.html</guid> <description>Apache Camel&amp;rsquo;s Core is vulnerable to XXE in XSD validation processor</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2017-12633</title> <link>https://camel.apache.org/security/CVE-2017-12633.html</link> <pubDate>Wed, 15 Nov 2017 10:29:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2017-12633.html</guid> <description>Apache Camel&amp;rsquo;s Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2017-12634</title> <link>https://camel.apache.org/security/CVE-2017-12634.html</link> <pubDate>Wed, 15 Nov 2017 10:29:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2017-12634.html</guid> <description>Apache Camel&amp;rsquo;s Castor unmarshalling operation is vulnerable to Remote Code Execution attacks</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2016-8749</title> <link>https://camel.apache.org/security/CVE-2016-8749.html</link> <pubDate>Tue, 28 Mar 2017 14:59:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2016-8749.html</guid> <description>Apache Camel&amp;rsquo;s Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2017-5643</title> <link>https://camel.apache.org/security/CVE-2017-5643.html</link> <pubDate>Thu, 16 Mar 2017 11:59:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2017-5643.html</guid> <description>Apache Camel&amp;rsquo;s Validation Component is vulnerable against SSRF via remote DTDs and XXE</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2017-3159</title> 
<link>https://camel.apache.org/security/CVE-2017-3159.html</link> <pubDate>Tue, 07 Mar 2017 10:59:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2017-3159.html</guid> <description>Apache Camel&amp;rsquo;s Snakeyaml unmarshalling operation is vulnerable to Remote Code Execution attacks</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2015-5348</title> <link>https://camel.apache.org/security/CVE-2015-5348.html</link> <pubDate>Fri, 15 Apr 2016 11:59:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2015-5348.html</guid> <description>Apache Camel&amp;rsquo;s Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability.</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2015-5344</title> <link>https://camel.apache.org/security/CVE-2015-5344.html</link> <pubDate>Wed, 03 Feb 2016 13:59:00 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2015-5344.html</guid> <description>Apache Camel&amp;rsquo;s XStream usage is vulnerable to Remote Code Execution attacks.</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2015-0264</title> <link>https://camel.apache.org/security/CVE-2015-0264.html</link> <pubDate>Wed, 03 Jun 2015 16:59:04 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2015-0264.html</guid> <description>The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration. 
The XML External Entity (XXE) will be resolved before the Exception is thrown.</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2015-0263</title> <link>https://camel.apache.org/security/CVE-2015-0263.html</link> <pubDate>Wed, 03 Jun 2015 16:59:02 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2015-0263.html</guid> <description>The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration.</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2014-0002</title> <link>https://camel.apache.org/security/CVE-2014-0002.html</link> <pubDate>Fri, 21 Mar 2014 00:38:59 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2014-0002.html</guid> <description>The Apache Camel XSLT component will resolve entities in XML messages when transforming them using an xslt route.</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2014-0003</title> <link>https://camel.apache.org/security/CVE-2014-0003.html</link> <pubDate>Fri, 21 Mar 2014 00:38:59 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2014-0003.html</guid> <description>The Apache Camel XSLT component allows XSL stylesheets to perform calls to external Java methods.</description> </item> <item> <title>Apache Camel Security Advisory - CVE-2013-4330</title> <link>https://camel.apache.org/security/CVE-2013-4330.html</link> <pubDate>Fri, 04 Oct 2013 13:55:09 +0000</pubDate> <guid>https://camel.apache.org/security/CVE-2013-4330.html</guid> <description>Writing files using FILE or FTP components, can potentially be exploited by a malicious user.</description> </item> </channel> </rss>