CVE-2018-8027

CWE-611XML External Entity (XXE)7 documents7 sources
Severity
9.8CRITICAL
EPSS
2.5%
top 14.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache CamelApache Software Foundation Apache Camel
Timeline
PublishedJul 31
Latest updateOct 16

Description

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Mavenorg.apache.camel:camel-core2.20.02.20.4+1
NVDapache/camel2.20.02.20.3+1
CVEListV5apache_software_foundation/apache_camel2.20.0 to 2.20.3, 2.21.0+1

🔴Vulnerability Details

3
GHSA
Apache is vulnerable to XXE in XSD validation processor2018-10-16
OSV
Apache is vulnerable to XXE in XSD validation processor2018-10-16
CVEList
CVE-2018-8027: Apache Camel 22018-07-31

📋Vendor Advisories

2
Red Hat
camel-core: XXE in XSD validation processor2018-07-31
Apache
Apache camel: CVE-2018-8027

💬Community

1
Bugzilla
CVE-2018-8027 camel-core: XXE in XSD validation processor2018-08-02