{"containers":{"cna":{"affected":[{"product":"Apache Camel","vendor":"Apache","versions":[{"status":"affected","version":"Apache Camel versions prior to 2.24.0"}]}],"datePublic":"2019-05-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed."}],"problemTypes":[{"descriptions":[{"description":"XML external entity injection (XXE)","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-01-20T14:41:59.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"name":"JVN#71498764","tags":["third-party-advisory","x_refsource_JVN"],"url":"http://jvn.jp/en/jp/JVN71498764/index.html"},{"name":"108422","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/108422"},{"name":"[camel-users] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/00118387610522b107cbdcec5369ddd512b576ff0236a02bfca12f44%40%3Cusers.camel.apache.org%3E"},{"name":"[oss-security] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2019/05/24/2"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater opened a new pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/84ba9b79e801a4148dde73d1969cdae0247d11ff63de7ce11b394dc5%40%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Created] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/45349f8bd98c1c13a84beddede18fe79b8619ebab99d90f1fb43d7ab%40%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [incubator-tamaya-sandbox] branch master updated: TAMAYA-410 bump camel-core version past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/61601cda2c5f9832184ea14647b0c0589c94126a460c8eb196be1313%40%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater merged pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/63d1cec8541befeb59dbed23a6b227bdcca7674aa234fb43354dac82%40%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Closed] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/fe74d173689600d9a395d026f0bf5d154c0bf7bd195ecfbc2c987036%40%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Commented] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/eed73fc18d4fa3e2341cd0ab101b47f06b16c7efc1cb73791c524c9d%40%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] ottlinger commented on issue #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/6fefbd90f7fb4c8412d85ea3e9e97a4b76b47e206f502c73c29dc0b7%40%3Ccommits.tamaya.apache.org%3E"},{"name":"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2019-0188","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Camel","version":{"version_data":[{"version_value":"Apache Camel versions prior to 2.24.0"}]}}]},"vendor_name":"Apache"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"XML external entity injection (XXE)"}]}]},"references":{"reference_data":[{"name":"JVN#71498764","refsource":"JVN","url":"http://jvn.jp/en/jp/JVN71498764/index.html"},{"name":"108422","refsource":"BID","url":"http://www.securityfocus.com/bid/108422"},{"name":"[camel-users] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel","refsource":"MLIST","url":"https://lists.apache.org/thread.html/00118387610522b107cbdcec5369ddd512b576ff0236a02bfca12f44@%3Cusers.camel.apache.org%3E"},{"name":"[oss-security] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2019/05/24/2"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater opened a new pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","refsource":"MLIST","url":"https://lists.apache.org/thread.html/84ba9b79e801a4148dde73d1969cdae0247d11ff63de7ce11b394dc5@%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Created] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","refsource":"MLIST","url":"https://lists.apache.org/thread.html/45349f8bd98c1c13a84beddede18fe79b8619ebab99d90f1fb43d7ab@%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [incubator-tamaya-sandbox] branch master updated: TAMAYA-410 bump camel-core version past CVE-2019-0188","refsource":"MLIST","url":"https://lists.apache.org/thread.html/61601cda2c5f9832184ea14647b0c0589c94126a460c8eb196be1313@%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater merged pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","refsource":"MLIST","url":"https://lists.apache.org/thread.html/63d1cec8541befeb59dbed23a6b227bdcca7674aa234fb43354dac82@%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Closed] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","refsource":"MLIST","url":"https://lists.apache.org/thread.html/fe74d173689600d9a395d026f0bf5d154c0bf7bd195ecfbc2c987036@%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Commented] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","refsource":"MLIST","url":"https://lists.apache.org/thread.html/eed73fc18d4fa3e2341cd0ab101b47f06b16c7efc1cb73791c524c9d@%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] ottlinger commented on issue #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","refsource":"MLIST","url":"https://lists.apache.org/thread.html/6fefbd90f7fb4c8412d85ea3e9e97a4b76b47e206f502c73c29dc0b7@%3Ccommits.tamaya.apache.org%3E"},{"name":"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.","refsource":"MLIST","url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"},{"name":"https://www.oracle.com/security-alerts/cpujul2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","refsource":"MISC","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"name":"https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc","refsource":"CONFIRM","url":"https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc"},{"name":"https://www.oracle.com/security-alerts/cpujan2021.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2021.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T17:44:14.864Z"},"title":"CVE Program Container","references":[{"name":"JVN#71498764","tags":["third-party-advisory","x_refsource_JVN","x_transferred"],"url":"http://jvn.jp/en/jp/JVN71498764/index.html"},{"name":"108422","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/108422"},{"name":"[camel-users] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/00118387610522b107cbdcec5369ddd512b576ff0236a02bfca12f44%40%3Cusers.camel.apache.org%3E"},{"name":"[oss-security] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2019/05/24/2"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater opened a new pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/84ba9b79e801a4148dde73d1969cdae0247d11ff63de7ce11b394dc5%40%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Created] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/45349f8bd98c1c13a84beddede18fe79b8619ebab99d90f1fb43d7ab%40%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [incubator-tamaya-sandbox] branch master updated: TAMAYA-410 bump camel-core version past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/61601cda2c5f9832184ea14647b0c0589c94126a460c8eb196be1313%40%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater merged pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/63d1cec8541befeb59dbed23a6b227bdcca7674aa234fb43354dac82%40%3Ccommits.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Closed] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/fe74d173689600d9a395d026f0bf5d154c0bf7bd195ecfbc2c987036%40%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-dev] 20190607 [jira] [Commented] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/eed73fc18d4fa3e2341cd0ab101b47f06b16c7efc1cb73791c524c9d%40%3Cdev.tamaya.apache.org%3E"},{"name":"[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] ottlinger commented on issue #30: TAMAYA-410 bump camel-core version past CVE-2019-0188","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/6fefbd90f7fb4c8412d85ea3e9e97a4b76b47e206f502c73c29dc0b7%40%3Ccommits.tamaya.apache.org%3E"},{"name":"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2019-0188","datePublished":"2019-05-28T18:10:08.000Z","dateReserved":"2018-11-14T00:00:00.000Z","dateUpdated":"2024-08-04T17:44:14.864Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}