CVE-2019-0194

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Camel
Vendor: CVE Published:; 30 April 2019

Summary

Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

Affected Version(s)

Apache Camel Camel 2.21.0 to 2.21.3

Apache Camel Camel 2.22.0 to 2.22.2 and Camel 2.23.0 The unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

References

https://lists.apache.org/thread.html/45e23ade8d3cb754615f...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/0a163d02169d3d361150...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28...

mailing-listx_refsource_MLIST

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2019
Vulnerability Reserved
Nov 14, 2018