title: “Apache Camel Security Advisory - CVE-2019-0194” url: /security/CVE-2019-0194.html date: 2019-04-30T18:29:00.607000 draft: false type: security-advisory cve: CVE-2019-0194 severity: MEDIUM summary: “Apache Camel's File is vulnerable to directory traversal” description: “Apache Camel's File is vulnerable to directory traversal” mitigation: “2.21.x users should upgrade to 2.21.5, 2.22.x users should upgrade to 2.22.3 and Camel 2.23.x users should upgrade to 2.23.1” credit: “This issue was discovered by Colm O. HEigeartaigh from Apache Software Foundation” affected: 2.21.0 up to 2.21.3, 2.22.0 up to 2.22.2, 2.23.0 fixed: 2.21.5, 2.22.3, 2.23.1
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-13042 refers to the various commits that resovoled the issue, and have more details.