| -----BEGIN PGP SIGNED MESSAGE----- |
| Hash: SHA1 |
| |
| CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity injection (XXE) |
| |
| Severity: MEDIUM |
| |
| Vendor: The Apache Software Foundation |
| |
| Versions Affected: Apache Camel versions prior to 2.24.0 |
| |
| Description: Apache Camel provided contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. |
| |
| Mitigation: Update to version 2.24.0 |
| -----BEGIN PGP SIGNATURE----- |
| Version: GnuPG v2.0.22 (GNU/Linux) |
| |
| iQEcBAEBAgAGBQJc57YJAAoJEONOnzgC/0EAI1oIAITlFL/xUHp0rEn5WaRoCbGE |
| 49ZYJ2/bwK94se0KMhT5VqF6mYf1BWMSVzrczN+Qm8bEb1tQPDZFnTUe0hUjMN61 |
| tJpGK1UPCOUm3rBVSmrkbYclBVCBgxIEjfeP7SAtBXZSQ7/SHLBG8OQWRur7CPml |
| 6qtDt9WqIV0da9hJgP2n0YExqyfbCb0IZkvo23DWlzAHZ0LCVc7V/lDqGG1cWsZw |
| gEMtUfbaz4533vr5+LgST3z7AbnMBpk2P29/9M7Z3wOxtS2Ne6aw/ooJfRh/HJ5k |
| sw4jNQ/4txaha4BszSH9Ibdm0nMyzlmv0u8nONM0X2hhxasybMXIdPlTJh308BU= |
| =w7Pn |
| -----END PGP SIGNATURE----- |