Описание
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия до 2.24.0 (исключая)
Одно из
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00969
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 5.8
redhat
больше 6 лет назад
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
CVSS3: 7.5
fstec
больше 6 лет назад
Уязвимость библиотеки JSON-lib и компонента camel-xmljson java-фреймворка Apache Camel, позволяющая нарушителю осуществить XXE-атаку
EPSS
Процентиль: 76%
0.00969
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-611