Description

Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/30/2

http://www.securityfocus.com/bid/108181

https://lists.apache.org/thread.html/0a163d02169d3d361150e8183df4af33f1a3d8a419b2937ac8e6c66f%40%3Cusers.camel.apache.org%3E

https://lists.apache.org/thread.html/0cb842f367336b352a7548e290116b64b78b8e7b99402deaba81a687%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/45e23ade8d3cb754615f95975e89e8dc73c59eeac914f07d53acbac6%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/9a6bc022f7ab28e4894b1831ce336eb41ae6d5c24d86646fe16e956f%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/a39441db574ee996f829344491b3211b53c9ed926f00ae5d88943b76%40%3Cdev.camel.apache.org%3E

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Related Vulnerabilities

CVE-2022-47105 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system

CVE-2023-26132 Vulnerability in npm package dottie

CVE-2023-26487 Vulnerability in maven package org.webjars.npm:vega-functions

CVE-2023-30513 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes

CVE-2016-10735 Vulnerability in npm package bootstrap

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Mailing List Third Party Advisory