2 matches found
com.consol.citrus:citrus-camel (>=2.7.4 <=2.7.9), com.github.igor-suhorukov:camel-aws (>=2.20.1.2 <=2.20.1.5) +743 more potentially affected by CVE-2018-8027 via org.apache.camel:camel-core (>=2.20.0 <=2.20.3)
org.apache.camel:camel-core MAVEN version =2.20.0, =2.7.4, =2.20.1.2, =2.20.0, =0.1.0, =1.0.0, =2.20.0, =1.2.23-RELEASE, =1.31.1, =1.5.5, =1.12.0, =2.0.0, =1.12.0, =1.3.0, =1.3.0-20180301, =1.3.0-20180304 and more Source cves: CVE-2018-8027 Source advisory: OSV:GHSA-8VFM-4388-6RPC...
CVE-2018-8027
Apache Camel Core is vulnerable to XML External Entity (XXE) processing in the XSD validation processor. Affected versions are 2.20.0–2.20.3 and 2.21.0. Root cause: improper handling of XML external entities in the XSD validation path, enabling a remote attacker to read arbitrary files when a vic...