Posted to commits@camel.apache.org by ac...@apache.org on 2019/05/24 09:16:12 UTC

[camel] 01/02: Errata corrige for CVE-2019-0188

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit 6a51420aa6a2846fda2d8a13d99271ad16bce651
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri May 24 11:15:00 2019 +0200

    Errata corrige for CVE-2019-0188
---
 .../en/security-advisories/CVE-2019-0188.txt.asc     | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
index c7046b6..f6d70be 100644
--- a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
+++ b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
@@ -1,7 +1,7 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE)
+CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)
 
 Severity: MEDIUM
 
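Review bot: The new title line spells the component "Apache Camel-XMLJson", while the Description added later in this patch calls it "camel-xmljson". Use one spelling in both places, preferably the artifact name camel-xmljson, so readers searching the advisory by component name find it. Separately, the context line "Hash: SHA1" shows the re-signed advisory still uses a SHA-1 digest; since the file is being re-signed anyway, consider clearsigning with a SHA-2 digest.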
@@ -9,19 +9,17 @@ Vendor: The Apache Software Foundation
 
 Versions Affected: Apache Camel versions prior to 2.24.0
 
-Description: Apache Camel contains an XML external entity injection (XXE) vulnerability
+Description: Apache Camel provided contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
 
 Mitigation: Update to version 2.24.0
-
-Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQEcBAEBAgAGBQJc57B6AAoJEONOnzgC/0EADagH/11BLnLYA/T2A5haH7DC+awD
-cFIJjuhR8voM1uPbv4bUbRRs1DEvXGBDYGcs3xEXGaABGJ6EAb5c2GXoBpS0G92m
-vXcCc1to6nrEhOHg14rlOV3/BdGt1gvgUqUqG7/Fo35CnPAJLEvqkZGfO9GdnT40
-Sz8kNgmgfEZTQkOeV3gUuLwiyc4uWdPTkUEYYEwL7hghLI9yJ3KfU5igA8Nofgks
-2j2sATTSg6Nc0Yn9XCdg6D0BBhDJLHpEaAVlL3BQXQ/j7pghnxEGkiRiQDzXvVI7
-Dgc+PUAf0sDm5honsLGwcCiHnpSJ4amE2dGwzRiUFp0L15zdGvRA0JillPY7BoY=
-=qSeH
+iQEcBAEBAgAGBQJc57YJAAoJEONOnzgC/0EAI1oIAITlFL/xUHp0rEn5WaRoCbGE
+49ZYJ2/bwK94se0KMhT5VqF6mYf1BWMSVzrczN+Qm8bEb1tQPDZFnTUe0hUjMN61
+tJpGK1UPCOUm3rBVSmrkbYclBVCBgxIEjfeP7SAtBXZSQ7/SHLBG8OQWRur7CPml
+6qtDt9WqIV0da9hJgP2n0YExqyfbCb0IZkvo23DWlzAHZ0LCVc7V/lDqGG1cWsZw
+gEMtUfbaz4533vr5+LgST3z7AbnMBpk2P29/9M7Z3wOxtS2Ne6aw/ooJfRh/HJ5k
+sw4jNQ/4txaha4BszSH9Ibdm0nMyzlmv0u8nONM0X2hhxasybMXIdPlTJh308BU=
+=w7Pn
 -----END PGP SIGNATURE-----
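Review bot: The added Description line reads "Apache Camel provided contains an XML external entity injection (XXE) vulnerability", which is not grammatical; something like "The camel-xmljson component provided by Apache Camel contains ..." would say what is meant, and because the text sits inside the signed message, it is worth fixing before the signature is regenerated again. The hunk also drops the "Credit:" line naming the reporter, and neither the commit message nor the advisory says why; if the removal is intentional, state the reason in the commit message, otherwise restore the line. Finally, the Description now limits the issue to camel-xmljson and says the component "was removed", but "Versions Affected" and "Mitigation" are unchanged; consider saying in which release the component was removed and what users who still depend on it should do.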