Posted to commits@camel.apache.org by ac...@apache.org on 2018/10/19 06:16:39 UTC
[camel] branch master updated: Fixed links
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new 46b26fe Fixed links
46b26fe is described below
commit 46b26fe1eb833fba99ada05524ac21dcd0f4366f
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri Oct 19 08:11:50 2018 +0200
Fixed links
---
docs/user-manual/en/security-advisories.adoc | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/user-manual/en/security-advisories.adoc b/docs/user-manual/en/security-advisories.adoc
index fb871fe..a558e22 100644
--- a/docs/user-manual/en/security-advisories.adoc
+++ b/docs/user-manual/en/security-advisories.adoc
@@ -1,36 +1,36 @@
[[SecurityAdvisories]]
### 2017
-[CVE-2017-5643](security-advisories/CVE-2017-5643.txt.asc) - Apache
+link:security-advisories/CVE-2017-5643.txt.asc[CVE-2017-5643] - Apache
Camel's Validation Component is vulnerable against SSRF via remote DTDs
and XXE
-[CVE-2017-3159](security-advisories/CVE-2017-3159.txt.asc) - Apache
+link:security-advisories/CVE-2017-3159.txt.asc[CVE-2017-3159] - Apache
Camel's Snakeyaml unmarshalling operation is vulnerable to Remote Code
Execution attacks
### 2016
-[CVE-2016-8749](security-advisories/CVE-2016-8749.txt.asc) - Apache
+link:security-advisories/CVE-2016-8749.txt.asc[CVE-2016-8749] - Apache
Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to
Remote Code Execution attacks
### 2015
-[CVE-2015-5344](security-advisories/CVE-2015-5344.txt.asc) - Apache
+link:security-advisories/CVE-2015-5344.txt.asc[CVE-2015-5344] - Apache
Camel's XStream usage is vulnerable to Remote Code Execution attacks.
-[CVE-2015-5348](security-advisories/CVE-2015-5348.txt.asc)
+link:security-advisories/CVE-2015-5348.txt.asc[CVE-2015-5348]
- Apache Camel's Jetty/Servlet usage is vulnerable to Java object
de-serialisation vulnerability.
-[CVE-2015-0264](security-advisories/CVE-2015-0264.txt.asc)
+link:security-advisories/CVE-2015-0264.txt.asc[CVE-2015-0264]
- The XPath handling in Apache Camel for invalid XML Strings or invalid
XML GenericFile objects allows remote attackers to read arbitrary files
via an XML External Entity (XXE) declaration. The XML External Entity
(XXE) will be resolved before the Exception is thrown.
-[CVE-2015-0263](security-advisories/CVE-2015-0263.txt.asc)
+link:security-advisories/CVE-2015-0263.txt.asc[CVE-2015-0263]
- The XML converter setup in Apache Camel allows remote attackers to
read arbitrary files via an SAXSource containing an XML External Entity
(XXE) declaration.
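Review bot: From CVE-2015-5348 down, the converted link sits alone on its line and the description starts the next line with "- ", which AsciiDoc can take as an unordered list marker rather than as the dash separator used in the 2017 and 2016 entries. Put the separator on the link line the way the first entries do, for example `link:security-advisories/CVE-2015-5348.txt.asc[CVE-2015-5348] - Apache Camel's Jetty/Servlet usage ...`, so all entries render the same way. Since the only goal of this change is working links, it is also worth confirming in the rendered page that each relative `.txt.asc` target resolves.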
@@ -38,17 +38,17 @@ read arbitrary files via an SAXSource containing an XML External Entity
### 2014
-[CVE-2014-0003](security-advisories/CVE-2014-0003.txt.asc)
+link:security-advisories/CVE-2014-0003.txt.asc[CVE-2014-0003]
- The Apache Camel XSLT component allows XSL stylesheets to perform
calls to external Java methods.
-[CVE-2014-0002](security-advisories/CVE-2014-0002.txt.asc)
+link:security-advisories/CVE-2014-0002.txt.asc[CVE-2014-0002]
- The Apache Camel XSLT component will resolve entities in XML messages
when transforming them using an xslt route.
### 2013
-[CVE-2013-4330](security-advisories/CVE-2013-4330.txt.asc)
+link:security-advisories/CVE-2013-4330.txt.asc[CVE-2013-4330]
- Writing files using FILE or FTP components, can potentially be
exploited by a malicious user.
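Review bot: The context lines `### 2014` and `### 2013` keep Markdown-style headings while the links in this hunk move to the AsciiDoc `link:` macro, so the file is left in mixed syntax. Asciidoctor accepts `#` headings, but since this is an `.adoc` file consider switching them to the native form (`=== 2014`, `=== 2013`) in the same change. The three entries here also start their description line with "- " under a link that stands alone on its line, so the separator is better moved up onto the link line.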