[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] [SECURITY] New security advisory CVE-2019-0194 released for Apache Camel
From:       Andrea Cosentino <ancosen1985 () yahoo ! com>
Date:       2019-04-30 10:38:34
Message-ID: 2130778079.2289889.1556620714475 () mail ! yahoo ! com
[Download RAW message or body]

A new security advisory has been released for Apache Camel, that is fixed i=
n
the recent 2.21.5, 2.22.3 and 2.23.1 releases:

CVE-2019-0194: Apache Camel's File is vulnerable to directory traversal

Severity: MEDIUM

Vendor: The Apache Software Foundation

Versions Affected: Camel 2.21.0 to 2.21.3, Camel 2.22.0 to 2.22.2 and Camel=
 2.23.0 The unsupported Camel 2.x (2.19 and earlier) versions may be also a=
ffected.

Description: Apache Camel's File is vulnerable to directory traversal

Mitigation: 2.21.x users should upgrade to 2.21.5, 2.22.x users should upgr=
ade to 2.22.3 and Camel 2.23.x users should upgrade to 2.23.1 The JIRA tick=
ets: https://issues.apache.org/jira/browse/CAMEL-13042 refers to the variou=
s commits that resovoled the issue, and have more details.

Credit: This issue was discovered by Colm O. HEigeartaigh <coheigea at apac=
he dot org> from Apache Software Foundation

On behalf of the Apache Camel PMC

--
Andrea Cosentino=C2=A0
----------------------------------
Apache Camel PMC Chair
Apache Karaf Committer
Apache Servicemix PMC Member
Email: ancosen1985@yahoo.com
Twitter: @oscerd2
Github: oscerd
[prev in list] [next in list] [prev in thread] [next in thread]