Show filters
63 Total Results
Displaying 51-60 of 63
Sort by:
Attacker Value
Unknown

CVE-2017-12634

Disclosure Date: November 15, 2017 (last updated November 08, 2023)
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
0
0
Attacker Value
Unknown

CVE-2016-8749

Disclosure Date: March 28, 2017 (last updated November 08, 2023)
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
0
0
Attacker Value
Unknown

CVE-2017-5643

Disclosure Date: March 16, 2017 (last updated November 08, 2023)
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
0
0
Attacker Value
Unknown

CVE-2017-3159

Disclosure Date: March 07, 2017 (last updated November 08, 2023)
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.
0
0
Attacker Value
Unknown

CVE-2015-5348

Disclosure Date: April 15, 2016 (last updated November 08, 2023)
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
0
0
Attacker Value
Unknown

CVE-2015-5344

Disclosure Date: February 03, 2016 (last updated November 08, 2023)
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
0
0
Attacker Value
Unknown

CVE-2015-0264

Disclosure Date: June 03, 2015 (last updated October 05, 2023)
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
0
0
Attacker Value
Unknown

CVE-2015-0263

Disclosure Date: June 03, 2015 (last updated October 05, 2023)
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
0
0
Attacker Value
Unknown

CVE-2014-0003

Disclosure Date: March 21, 2014 (last updated October 05, 2023)
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
0
0
Attacker Value
Unknown

CVE-2014-0002

Disclosure Date: March 21, 2014 (last updated October 05, 2023)
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
0
0
View More Topics  < Previous  Next >