This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel.git
commit 8b433b7c249598058782dd69f7245838e0712132 Author: Andrea Cosentino <[email protected]> AuthorDate: Wed Sep 12 13:47:06 2018 +0200 Security Advisories: Porting to docs --- .../en/security-advisories/CVE-2018-8041.txt.asc | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/docs/user-manual/en/security-advisories/CVE-2018-8041.txt.asc b/docs/user-manual/en/security-advisories/CVE-2018-8041.txt.asc new file mode 100644 index 0000000..6f605f0 --- /dev/null +++ b/docs/user-manual/en/security-advisories/CVE-2018-8041.txt.asc @@ -0,0 +1,32 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +CVE-2018-8041: Apache Camel's Mail is vulnerable to path traversal + +Severity: MEDIUM + +Vendor: The Apache Software Foundation + +Versions Affected: Camel 2.20.0 to 2.20.3, Camel 2.21.0 to 2.21.1 and Camel 2.22.0 + +The unsupported Camel 2.x (2.19 and earlier) versions may be also affected. + +Description: Apache Camel's Mail is vulnerable to path traversal + +Mitigation: 2.20.x users should upgrade to 2.20.4, 2.21.0 users should upgrade to 2.21.2 and Camel 2.22.x users should upgrade to 2.22.1 + +The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-12630 +refers to the various commits that resovoled the issue, and have more details. + +Credit: This issue was discovered by Eedo Shapira <eedo dot shapira at ge dot com> from GE . +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.22 (GNU/Linux) + +iQEcBAEBAgAGBQJbmOMKAAoJEONOnzgC/0EAfSkH+wdNhAyFodwWREYgmHNbxTdf +c3JFH+jeqCpg1wiDZmGS4GpRi0f7s4W09tTIgiTtFhJINzpxJ6JOkZX8AzB43bSx +g83RdYmAplgrYaeY4dQnjAN9LrUSHTbLxWKsG+gR0FigkmL3B3qM30jGD3T4t3WM +AJ5PXRR87v85I9A1CzjtBgrxY6Zjn8A70Jm1AYdQ83Ywwj8dUD8Sw8qiFl/V/VBm +P77Y6/S0PzBu6AJR5k+31dy5aZaStwts0uWuCwwZl74DfDVwgM44rj9WTRJ9aseq +hc9T/Y3S7JKHMA3oo6Wu3MjU9kSO1PQ39CNO5/oCnjAtk4SVVSwU3wNYlXWj1t0= +=3846 +-----END PGP SIGNATURE-----
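Review bot: The Mitigation line says "2.21.0 users should upgrade to 2.21.2", while the Versions Affected line lists "Camel 2.21.0 to 2.21.1", so users on 2.21.1 are not told to upgrade; it should read "2.21.x users" to match the 2.20.x and 2.22.x wording beside it. The Description line only repeats the title and does not say which input or operation of the Mail component is affected, so a reader cannot judge exposure without opening CAMEL-12630; a sentence or two of detail would help. The body also carries the typo "resovoled" and a singular/plural mismatch in "The JIRA tickets: ... refers", and the clearsign header is "Hash: SHA1". Because the text sits inside a PGP-signed message, any wording fix requires re-signing, which would be the point to switch the digest to a SHA-2 hash.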
