title: "Apache Camel Security Advisory - CVE-2018-8027"
url: /security/CVE-2018-8027.html
date: 2018-07-31T09:29:00.857000
draft: false
type: security-advisory
cve: CVE-2018-8027
severity: MEDIUM
summary: "Apache Camel's Core is vulnerable to XXE in XSD validation processor"
description: "Apache Camel's Core is vulnerable to an XML External Entity (XXE) vulnerability in the XSD validation processor."
mitigation: "2.20.x users should upgrade to 2.20.4, 2.21.0 users should upgrade to 2.21.1. The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-12444 and https://issues.apache.org/jira/browse/CAMEL-10894 (partial fix) refer to the various commits that resolved the issue, and have more details."
credit: "This issue was discovered by Karel Jelínek from Unicorn Systems."
affected: 2.20.0 up to 2.20.3, 2.21.0
fixed: 2.20.4, 2.21.1 and newer

The JIRA tickets https://issues.apache.org/jira/browse/CAMEL-12444 and https://issues.apache.org/jira/browse/CAMEL-10894 (partial fix) refer to the various commits that resolved the issue, and have more details.