[
https://issues.apache.org/jira/browse/TAMAYA-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16858309#comment-16858309
]
ASF subversion and git services commented on TAMAYA-410:
--------------------------------------------------------
Commit 4723a3682181e19d5000811866163f77aa38dce2 in incubator-tamaya-sandbox's
branch refs/heads/master from William Lieurance
[ https://gitbox.apache.org/repos/asf?p=incubator-tamaya-sandbox.git;h=4723a36 ]
Merge pull request #30 from peculater/TAMAYA-410-camel-core-cve
TAMAYA-410 bump camel-core version past CVE-2019-0188
> Update camel-core dependency past CVE-2019-0188
> -----------------------------------------------
>
> Key: TAMAYA-410
> URL: https://issues.apache.org/jira/browse/TAMAYA-410
> Project: Tamaya
> Issue Type: Improvement
> Reporter: William Lieurance
> Assignee: William Lieurance
> Priority: Minor
> Time Spent: 20m
> Remaining Estimate: 0h
>
> h5. CVE-2019-0188
>
> high severity
> *Vulnerable versions:* < 2.24.0
> *Patched version:* 2.24.0
> Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE)
> vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library.
> This affects only the camel-xmljson component, which was removed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
