Directory Traversal Vulnerability in Apache Camel Products
CVE-2019-0194

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Camel
Vendor: CVE Published:; 30 April 2019

Summary

The File component of Apache Camel is vulnerable to directory traversal, allowing unauthorized access to files outside of the intended directory structure. This issue affects multiple versions of Apache Camel, and if exploited, could lead to significant security breaches by granting attackers access to sensitive files.

Affected Version(s)

Apache Camel Camel 2.21.0 to 2.21.3

Apache Camel Camel 2.22.0 to 2.22.2 and Camel 2.23.0 The unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

References

https://lists.apache.org/thread.html/45e23ade8d3cb754615f...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/0a163d02169d3d361150...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28...

mailing-listx_refsource_MLIST

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2019
Vulnerability Reserved
Nov 14, 2018

.