Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
CVSS Score
7.5
EPSS Score
0.022
Published
2019-05-28
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
CVSS Score
5.3
EPSS Score
0.025
Published
2018-09-17
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-07-31