This repository has been archived by the owner on Jan 28, 2021. It is now read-only.
Remove camel validation vulnerability #101
Comments
danhaywood
added a commit
that referenced
this issue
Jan 15, 2019
…security vulnerabilities in both camel-core (validation) and camel-jackson
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
as per https://github.com/incodehq/incode-platform/network/alert/modules/pom.xml/org.apache.camel:camel-core/open
org.apache.camel:camel-core
org.apache.camel camel-core [2.17.6,) Always verify the validity and compatibility of suggestions with your codebase.Open GitHub opened this alert on 17 Oct 2018
1 org.apache.camel:camel-core vulnerability found in modules/pom.xml on 17 Oct 2018
Remediation
Upgrade org.apache.camel:camel-core to version 2.17.6 or later. For example:
Details
CVE-2017-5643 More information
moderate severity
Vulnerable versions: < 2.17.6
Patched version: 2.17.6
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
The text was updated successfully, but these errors were encountered: