Apache Camel security advisory: CVE-2019-0188

Severity

MEDIUM

Summary

Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)

Versions affected

Apache Camel versions prior to 2.24.0

Versions fixed

2.24.0

Description

Apache Camel contains an XML external entity injection (XXE) vulnerability (CWE-611) because it uses an outdated, vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.

Mitigation

Update to version 2.24.0
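
To find builds that still need this update, the affected range above can be checked against a project's resolved dependencies. The following is an added example, not part of the Apache advisory: it scans `mvn dependency:list` output for the `org.apache.camel:camel-xmljson` artifact at a version before 2.24.0. The sample output is constructed, and flagging qualified builds of 2.24.0 (such as snapshots) is a conservative assumption.

```python
import re

COMPONENT = ("org.apache.camel", "camel-xmljson")  # component named in the advisory
FIXED = (2, 24, 0)                                 # "Versions fixed" in the advisory

# Constructed sample of `mvn dependency:list` output (not from a real build).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.camel:camel-core:jar:2.23.1:compile
[INFO]    org.apache.camel:camel-xmljson:jar:2.23.1:compile
[INFO]    org.apache.camel:camel-xmljson:jar:sources:2.20.0:compile
[INFO]    org.apache.camel:camel-xmljson:jar:2.24.0-SNAPSHOT:test
[INFO]    org.apache.camel:camel-xmljson:jar:2.24.0:compile
"""


def is_affected(version):
    """True if a camel-xmljson version falls before the fixed release."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        return True  # unparseable version: flag for manual review
    nums = tuple(int(n) for n in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # "2.9" compares as 2.9.0, numerically
    if nums == FIXED:
        # Assumption: a qualified 2.24.0 build (-SNAPSHOT, -RC1, ...) is not
        # confirmed to carry the fix, so it is flagged as well.
        return bool(m.group(2))
    return nums < FIXED


def find_affected(dependency_list):
    """Return the affected camel-xmljson versions found in the listing."""
    hits = []
    for line in dependency_list.splitlines():
        parts = line.replace("[INFO]", "").strip().split(":")
        # group:artifact:type:version:scope, or with a classifier before version
        if len(parts) not in (5, 6):
            continue
        if (parts[0], parts[1]) == COMPONENT and is_affected(parts[-2]):
            hits.append(parts[-2])
    return hits


if __name__ == "__main__":
    for v in find_affected(SAMPLE):
        print(f"camel-xmljson {v}: affected by CVE-2019-0188, update to 2.24.0")
```

Run it against a real build by passing the captured output of `mvn dependency:list` to `find_affected`; transitive dependencies appear in that listing too.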

Credit

References

PGP signed advisory data: CVE-2019-0188.txt.asc
Mitre CVE Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0188