First published: Tue Jul 31 2018(Updated: )
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Camel | >=2.20.0<=2.20.3 | |
Apache Camel | =2.21.0 | |
maven/org.apache.camel:camel-core | =2.21.0 | 2.21.1 |
maven/org.apache.camel:camel-core | >=2.20.0<2.20.4 | 2.20.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-8027 is critical with a score of 9.8.
Apache Camel versions 2.20.0 to 2.20.3 and 2.21.0 are affected by CVE-2018-8027.
Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE (XML External Entity) in the XSD validation processor.
Upgrade Apache Camel to a version beyond 2.20.3 or 2.21.0 to fix the vulnerability in CVE-2018-8027.
You can find more information about CVE-2018-8027 at the following references: 1. [Apache Camel Security Advisories](http://camel.apache.org/security-advisories.data/CVE-2018-8027.txt.asc) 2. [SecurityFocus](http://www.securityfocus.com/bid/104933) 3. [Apache Camel Mailing List](https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E)