Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Camel  Security Vulnerabilities
CVE-2020-11973
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
CVSS Score
9.8
EPSS Score
0.095
Published
2020-05-14
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
CVSS Score
8.1
EPSS Score
0.016
Published
2020-02-11
CVE-2019-0188
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
CVSS Score
7.5
EPSS Score
0.02
Published
2019-05-28
CVE-2019-0194
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
CVSS Score
7.5
EPSS Score
0.024
Published
2019-04-30
CVE-2018-8041
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
CVSS Score
5.3
EPSS Score
0.026
Published
2018-09-17
CVE-2018-8027
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-07-31
CVE-2017-12633
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVSS Score
9.8
EPSS Score
0.034
Published
2017-11-15
CVE-2017-12634
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
CVSS Score
9.8
EPSS Score
0.046
Published
2017-11-15
CVE-2016-8749
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
CVSS Score
9.8
EPSS Score
0.074
Published
2017-03-28
CVE-2017-5643
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVSS Score
7.4
EPSS Score
0.008
Published
2017-03-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved