[camel] branch master updated: Added security advisory for CVE-2019-0188

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[camel] branch master updated: Added security advisory for CVE-2019-0188

acosentino
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/master by this push:
     new 77600f0  Added security advisory for CVE-2019-0188
77600f0 is described below

commit 77600f01be6f8d56d00d97261f1b7556517073cb
Author: Andrea Cosentino <[hidden email]>
AuthorDate: Fri May 24 10:52:18 2019 +0200

    Added security advisory for CVE-2019-0188
---
 docs/user-manual/en/security-advisories.adoc       |  3 +++
 .../en/security-advisories/CVE-2019-0188.txt.asc   | 27 ++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/docs/user-manual/en/security-advisories.adoc b/docs/user-manual/en/security-advisories.adoc
index 043b8e2..12fe0b6 100644
--- a/docs/user-manual/en/security-advisories.adoc
+++ b/docs/user-manual/en/security-advisories.adoc
@@ -2,6 +2,9 @@
 
 ### 2019
 
+link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache
+Camel vulnerable to XML external entity injection (XXE)
+
 link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0194] -¬†Apache
 Camel's File is vulnerable to directory traversal
 
diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
new file mode 100644
index 0000000..c7046b6
--- /dev/null
+++ b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
@@ -0,0 +1,27 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE)
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Apache Camel versions prior to 2.24.0
+
+Description: Apache Camel contains an XML external entity injection (XXE) vulnerability
+
+Mitigation: Update to version 2.24.0
+
+Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+iQEcBAEBAgAGBQJc57B6AAoJEONOnzgC/0EADagH/11BLnLYA/T2A5haH7DC+awD
+cFIJjuhR8voM1uPbv4bUbRRs1DEvXGBDYGcs3xEXGaABGJ6EAb5c2GXoBpS0G92m
+vXcCc1to6nrEhOHg14rlOV3/BdGt1gvgUqUqG7/Fo35CnPAJLEvqkZGfO9GdnT40
+Sz8kNgmgfEZTQkOeV3gUuLwiyc4uWdPTkUEYYEwL7hghLI9yJ3KfU5igA8Nofgks
+2j2sATTSg6Nc0Yn9XCdg6D0BBhDJLHpEaAVlL3BQXQ/j7pghnxEGkiRiQDzXvVI7
+Dgc+PUAf0sDm5honsLGwcCiHnpSJ4amE2dGwzRiUFp0L15zdGvRA0JillPY7BoY=
+=qSeH
+-----END PGP SIGNATURE-----