This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel.git
commit 6a51420aa6a2846fda2d8a13d99271ad16bce651 Author: Andrea Cosentino <[email protected]> AuthorDate: Fri May 24 11:15:00 2019 +0200 Errata corrige for CVE-2019-0188 --- .../en/security-advisories/CVE-2019-0188.txt.asc | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc index c7046b6..f6d70be 100644 --- a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc +++ b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc @@ -1,7 +1,7 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -CVE-2019-0188: Apache Camel vulnerable to XML external entity injection (XXE) +CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity injection (XXE) Severity: MEDIUM 
@@ -9,19 +9,17 @@ Vendor: The Apache Software Foundation Versions Affected: Apache Camel versions prior to 2.24.0 -Description: Apache Camel contains an XML external entity injection (XXE) vulnerability +Description: Apache Camel provided contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed. Mitigation: Update to version 2.24.0 - -Credit: This issue was discovered by Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQEcBAEBAgAGBQJc57B6AAoJEONOnzgC/0EADagH/11BLnLYA/T2A5haH7DC+awD -cFIJjuhR8voM1uPbv4bUbRRs1DEvXGBDYGcs3xEXGaABGJ6EAb5c2GXoBpS0G92m -vXcCc1to6nrEhOHg14rlOV3/BdGt1gvgUqUqG7/Fo35CnPAJLEvqkZGfO9GdnT40 -Sz8kNgmgfEZTQkOeV3gUuLwiyc4uWdPTkUEYYEwL7hghLI9yJ3KfU5igA8Nofgks -2j2sATTSg6Nc0Yn9XCdg6D0BBhDJLHpEaAVlL3BQXQ/j7pghnxEGkiRiQDzXvVI7 -Dgc+PUAf0sDm5honsLGwcCiHnpSJ4amE2dGwzRiUFp0L15zdGvRA0JillPY7BoY= -=qSeH +iQEcBAEBAgAGBQJc57YJAAoJEONOnzgC/0EAI1oIAITlFL/xUHp0rEn5WaRoCbGE +49ZYJ2/bwK94se0KMhT5VqF6mYf1BWMSVzrczN+Qm8bEb1tQPDZFnTUe0hUjMN61 +tJpGK1UPCOUm3rBVSmrkbYclBVCBgxIEjfeP7SAtBXZSQ7/SHLBG8OQWRur7CPml +6qtDt9WqIV0da9hJgP2n0YExqyfbCb0IZkvo23DWlzAHZ0LCVc7V/lDqGG1cWsZw +gEMtUfbaz4533vr5+LgST3z7AbnMBpk2P29/9M7Z3wOxtS2Ne6aw/ooJfRh/HJ5k +sw4jNQ/4txaha4BszSH9Ibdm0nMyzlmv0u8nONM0X2hhxasybMXIdPlTJh308BU= +=w7Pn -----END PGP SIGNATURE-----
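Review bot: In the first hunk (@@ -1,7 +1,7 @@), the new title spells the affected part "Apache Camel-XMLJson", while the description in the same advisory calls it "the camel-xmljson component" and "Versions Affected" still reads "Apache Camel versions prior to 2.24.0". Suggest using one spelling throughout, for example "Apache Camel (camel-xmljson component)", so that someone searching by artifact name finds the title. The context line "Hash: SHA1" shows the clearsigned text is still hashed with SHA-1; since the signature is regenerated in this commit anyway, re-signing with a SHA-2 digest would be worth doing at the same time.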
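Review bot: In the second hunk (@@ -9,19 +9,17 @@), the added Description line reads "Apache Camel provided contains an XML external entity injection (XXE) vulnerability"; "provided contains" looks like a leftover word from editing, and because the text is clearsigned, correcting it later requires yet another re-sign. The hunk also deletes the "Credit:" line, and the commit message ("Errata corrige for CVE-2019-0188") does not say why. If the removal is intended, state the reason in the commit message; otherwise restore the line before signing.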
