[camel] branch master updated: Added security advisory for CVE-2019-0188

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

The following commit(s) were added to refs/heads/master by this push:
     new 77600f0  Added security advisory for CVE-2019-0188
77600f0 is described below

commit 77600f01be6f8d56d00d97261f1b7556517073cb
Author: Andrea Cosentino <[hidden email]>
AuthorDate: Fri May 24 10:52:18 2019 +0200

    Added security advisory for CVE-2019-0188
 docs/user-manual/en/security-advisories.adoc       |  3 +++
 .../en/security-advisories/CVE-2019-0188.txt.asc   | 27 ++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/docs/user-manual/en/security-advisories.adoc b/docs/user-manual/en/security-advisories.adoc
index 043b8e2..12fe0b6 100644
--- a/docs/user-manual/en/security-advisories.adoc
+++ b/docs/user-manual/en/security-advisories.adoc
@@ -2,6 +2,9 @@
 ### 2019
+link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache
+Camel vulnerable to XML external entity injection (XXE)
 link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0194] -¬†Apache
 Camel's File is vulnerable to directory traversal
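Review bot: The added link on the first `+` line targets `security-advisories/CVE-2019-0194.txt.asc` while its label reads CVE-2019-0188, so the new entry opens the directory traversal advisory rather than the XXE advisory. Point it at `security-advisories/CVE-2019-0188.txt.asc`, the file this commit creates.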
diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
new file mode 100644
index 0000000..c7046b6
--- /dev/null
+++ b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
@@ -0,0 +1,27 @@
+Hash: SHA1
+CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE)
+Severity: MEDIUM
+Vendor: The Apache Software Foundation
+Versions Affected: Apache Camel versions prior to 2.24.0
+Description: Apache Camel contains an XML external entity injection (XXE) vulnerability
+Mitigation: Update to version 2.24.0
+Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.
+Version: GnuPG v2.0.22 (GNU/Linux)
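Review bot: The `Description:` line only restates the title and does not name the affected Camel component or the input that triggers the XXE, so a user on a version prior to 2.24.0 cannot tell from this file whether their routes are exposed. Name the component there, and consider adding an interim mitigation next to `Mitigation: Update to version 2.24.0` for users who cannot upgrade right away. Separately, `Hash: SHA1` shows the advisory is signed over a SHA-1 digest; re-signing with SHA-256 or stronger would be preferable.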