Apache Camel XML external entity injection vulnerability (CVE-2019-0188) - Code World

Apache Camel XML external entity injection vulnerability (CVE-2019-0188)

Others 2019-06-02 03:10:53 views: null

Apache Camel XML external entity injection vulnerability (CVE-2019-0188)

Release Date: 2019-05-21
Updated: 2019-05-27

Affected Systems:

Apache Group Camel < 2.24.0

Systems affected:

Apache Group Camel 2.24.0

description:

ID BUGTRAQ: 108 422
CVE (CAN) ID: CVE-2019-0188

the Apache Camel is a US Apache (Apache) Foundation, an open source software-based Enterprise Integration Pattern (enterprise integration model, referred to EIP) integration framework.
Apache Camel there is an XML external entity injection vulnerability allows an attacker to read arbitrary files installed on the server via a specially crafted request. The cause of vulnerability is the use of outdated, vulnerable JSON-lib library.

<* Source: Takayoshi Isayama of the Secure by Mitsui Bussan at Directions, Inc is an
*>

recommendations:

Manufacturers patch:

the Apache Group
------------
new version of the current vendors have been released to fix this security issue, please go to the manufacturer's home page to download:

http://camel.apache.org/

Guess you like

Origin www.linuxidc.com/Linux/2019-06/158917.htm

Apache Camel XML external entity injection vulnerability (CVE-2019-0188)

External entity injection vulnerability

Pikachu-XXE (xml external entity injection vulnerability)

Apache Camel XML внешний объект инъекции уязвимость (CVE-2019-0188)

XML external entity injection; XXE vulnerability; XXE has echo injection; XXE has no echo injection; Blind XXE

xxe (xml external entity injection)

XML External Entity Injection Basics

XXE of OWASP (XML external entity injection)

XXE external entity injection vulnerability-vulnerability attack and defense test

XXE external entity injection vulnerability-basic knowledge

XML file parsing and XML external entity injection protection

XXE (XML external entity injection) offensive and defensive finishing

XXE external entity injection vulnerability-CTF exam questions supplement and-and XXE vulnerability repair

Apache Spark UI Command Injection Vulnerability (CVE-2022-33891)

[Vulnerability recurrence] Apache RocketMQ Command Injection Vulnerability (CVE-2023-33246)

[Network Security] JAVA code audit - XXE external entity injection

Reappearance of Apache Kafka Connect JNDI Injection Vulnerability (CVE-2023-25194)

spring frame injection xml configuration file attributes for the entity class of complex

CVE-2019-9740 Python urllib CRLF injection vulnerability reproduced

Web universal principle vulnerability --XML injection, XSS, CSRF vulnerabilities

Apache Solr Velocity template injection RCE vulnerability reproduction

Apache Ivy Injection Vulnerability Could Allow Attackers to Extract Sensitive Data

Apache Camel what exactly?

Mutual TLS on apache camel

[Introduction to Camel of Apache]

Apache Camel translation (1)

Learn about Apache Camel?

CVE-2019-0193 Apache solr velocity module vulnerability

CVE-2019-12409: Apache Solr RCE vulnerability alerts

apache parsing vulnerability (CVE-2017-15715)

Recommended

Ranking

How cascading public network servers and network companies with free softether, forming a network penetration

axios package

C implementation creates multiple txt file and named to the natural numbers, then the resulting decimal data written txt file

ctfhub技能树信息泄露目录遍历 PHPINFO 备份文件下载

The real version of graduation = #"Massey University graduation certificate in New Zealand" is exactly the same as the original MQU certificate

Examples of simple web application architecture

MATLAB graphics drawing-polar and logarithmic images

java里的this和super关键字使用（附代码实例操作）

Markdown을 사용하여 다양한 플랫폼과 호환되고 보기 쉽고 매우 아름다운 Readme 또는 기사를 작성하는 방법은 무엇입니까? 자세한 그림, 도구, 예제가 포함된 템플릿이 첨부되어 있습니다.

What does java startup hardcode correspond to?

Daily

More

2024-04-23(30)

2024-04-22(5)

2024-04-21(0)

2024-04-20(6)

2024-04-19(5)

2024-04-18(0)

2024-04-17(31)

2024-04-16(23)

2024-04-15(5)

2024-04-14(0)