from 77600f0 Added security advisory for CVE-2019-0188
new 6a51420 Errata corrige for CVE-2019-0188
new 906031a CVE-2019-0188 - Changed the title in security advisories
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
-CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE)
+CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)
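Review bot: the new title spells the component "Camel-XMLJson", while the updated Description in the same advisory calls it "camel-xmljson". Use one spelling, preferably the artifact name, for example "Apache Camel (camel-xmljson component) vulnerable to XML external entity injection (XXE)", so that readers searching for the module name find the advisory.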
@@ -9,19 +9,17 @@ Vendor: The Apache Software Foundation
Versions Affected: Apache Camel versions prior to 2.24.0
-Description: Apache Camel contains an XML external entity injection (XXE) vulnerability
+Description: Apache Camel provided contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
Mitigation: Update to version 2.24.0
-Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
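Review bot: the added Description line reads "Apache Camel provided contains an XML external entity injection (XXE) vulnerability", where "provided" is a stray word and should be dropped. The same line says the camel-xmljson component "was removed", yet Mitigation still says only "Update to version 2.24.0"; state in which release the component was removed and what its users should do, since the current wording reads as if the upgrade patches the component. The hunk also deletes the Credit line without a replacement, which should be confirmed as intentional. Because the edited text is followed by a "-----BEGIN PGP SIGNATURE-----" block, the advisory must be re-signed after this change for the signature to verify.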