Posted to commits@camel.apache.org by ac...@apache.org on 2019/05/24 08:52:49 UTC
[camel] branch master updated: Added security advisory for CVE-2019-0188
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new 77600f0 Added security advisory for CVE-2019-0188
77600f0 is described below
commit 77600f01be6f8d56d00d97261f1b7556517073cb
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri May 24 10:52:18 2019 +0200
Added security advisory for CVE-2019-0188
---
docs/user-manual/en/security-advisories.adoc | 3 +++
.../en/security-advisories/CVE-2019-0188.txt.asc | 27 ++++++++++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/docs/user-manual/en/security-advisories.adoc b/docs/user-manual/en/security-advisories.adoc
index 043b8e2..12fe0b6 100644
--- a/docs/user-manual/en/security-advisories.adoc
+++ b/docs/user-manual/en/security-advisories.adoc
@@ -2,6 +2,9 @@
### 2019
+link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0188] - Apache
+Camel vulnerable to XML external entity injection (XXE)
+
link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0194] - Apache
Camel's File is vulnerable to directory traversal
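Review bot: the link target on the first added line is security-advisories/CVE-2019-0194.txt.asc while its label reads CVE-2019-0188, so the new entry opens the directory traversal advisory instead of the XXE one. Point it at security-advisories/CVE-2019-0188.txt.asc, the file this same commit adds, so the index entry and the signed advisory match.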
diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
new file mode 100644
index 0000000..c7046b6
--- /dev/null
+++ b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
@@ -0,0 +1,27 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE)
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Apache Camel versions prior to 2.24.0
+
+Description: Apache Camel contains an XML external entity injection (XXE) vulnerability
+
+Mitigation: Update to version 2.24.0
+
+Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+iQEcBAEBAgAGBQJc57B6AAoJEONOnzgC/0EADagH/11BLnLYA/T2A5haH7DC+awD
+cFIJjuhR8voM1uPbv4bUbRRs1DEvXGBDYGcs3xEXGaABGJ6EAb5c2GXoBpS0G92m
+vXcCc1to6nrEhOHg14rlOV3/BdGt1gvgUqUqG7/Fo35CnPAJLEvqkZGfO9GdnT40
+Sz8kNgmgfEZTQkOeV3gUuLwiyc4uWdPTkUEYYEwL7hghLI9yJ3KfU5igA8Nofgks
+2j2sATTSg6Nc0Yn9XCdg6D0BBhDJLHpEaAVlL3BQXQ/j7pghnxEGkiRiQDzXvVI7
+Dgc+PUAf0sDm5honsLGwcCiHnpSJ4amE2dGwzRiUFp0L15zdGvRA0JillPY7BoY=
+=qSeH
+-----END PGP SIGNATURE-----
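Review bot: the Description line only restates the title ("Apache Camel contains an XML external entity injection (XXE) vulnerability") and names no affected component or triggering condition, so a reader on a version prior to 2.24.0 cannot tell from this text whether their routes are exposed or what to look for before upgrading. Consider naming the affected component and the kind of input that reaches the parser. Because the body is clearsigned, any wording change means re-signing, which would also be the moment to move off the "Hash: SHA1" digest declared in the header to a SHA-2 digest.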