org.apache.camel:camel-core (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.camel:camel-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2014-0002 — CVSS 7.5 (high): The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have…
CVE-2014-0003 — CVSS 7.5 (high): The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to…
CVE-2019-0188 — CVSS 7.5 (high): Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable…
CVE-2019-0194 — CVSS 7.5 (high): Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x…
CVE-2020-11971 — CVSS 7.5 (high): Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should…
CVE-2013-4330 — CVSS 6.8 (medium): Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple…
CVE-2015-0264 — CVSS 5.0 (medium): Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2…
CVE-2015-0263 — CVSS 5.0 (medium): XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and…
CVE-2024-22371 — CVSS 2.9 (low): Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data…