CVE-2019-0188

CWE-611 — XML External Entity (XXE)8 documents8 sources

Severity

7.5HIGH

EPSS

1.3%

top 20.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Camel Apache Apache Camel Oracle Enterprise Data Quality +3 more

Timeline

PublishedMay 28

Latest updateJul 15

Description

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

▶Mavenorg.apache.camel:camel-xmljson2.23.4

▶NVDapache/camel< 2.24.0

▶Mavenorg.apache.camel:camel-core< 2.24.0

▶CVEListV5apache/apache_camelApache Camel versions prior to 2.24.0

▶NVDoracle/enterprise_repository12.1.3.0.0

🔴Vulnerability Details

OSV

XML External Entity injection in Apache Camel↗2019-05-29

▶

GHSA

XML External Entity injection in Apache Camel↗2019-05-29

▶

CVEList

CVE-2019-0188: Apache Camel prior to 2↗2019-05-28

▶

📋Vendor Advisories

Oracle

Oracle Oracle Financial Services Applications Risk Matrix: Core (Apache Camel) — CVE-2019-0188↗2020-07-15

▶

Red Hat

camel-xmljson: XML external entity injection vulnerability inoutdated JSON-lib library↗2019-05-22

▶

Apache

Apache camel: CVE-2019-0188↗

▶

💬Community

Bugzilla

CVE-2019-0188 camel-xmljson: XML external entity injection vulnerability inoutdated JSON-lib library↗2019-06-12

▶