CVE-2018-8041: Path Traversal
First published: Sat Jun 09 2018(Updated: )
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Camel | >=2.20.0<=2.20.3 | |
| Apache Camel | >=2.21.0<=2.21.1 | |
| Apache Camel | =2.22.0 | |
| maven/org.apache.camel:camel-mail | =2.22.0 | 2.22.1 |
| maven/org.apache.camel:camel-mail | >=2.21.0<2.21.2 | 2.21.2 |
| maven/org.apache.camel:camel-mail | >=2.20.0<2.20.4 | 2.20.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2018-8041
- https://access.redhat.com/errata/RHSA-2018:3768
- https://github.com/advisories/GHSA-jv74-f9pj-xp3f (Advisory)
- https://issues.apache.org/jira/browse/CAMEL-12630
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
- http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2
- http://www.securityfocus.com/bid/105352
- https://github.com/apache/camel/commit/4580e4d6c65cfd544c1791c824b5819477c583cc
- https://github.com/apache/camel/commit/4f401c09d22c45c94fa97746dc31905e06b19e3
- https://github.com/apache/camel/commit/63c7c080de4d18f9ceb25843508710df2c2c6d4
- https://github.com/apache/camel/commit/a0d25d9582c6ee85e9567fa39413df0b4f02ef7
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1612644#c1
- https://access.redhat.com/security/cve/cve-2018-8041
- https://bugzilla.redhat.com/show_bug.cgi?id=1612644
- https://www.cve.org/CVERecord?id=CVE-2018-8041 https://nvd.nist.gov/vuln/detail/CVE-2018-8041
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2018-8041.
What is the severity of CVE-2018-8041?
The severity of CVE-2018-8041 is medium (6.3).
Which software versions are affected by CVE-2018-8041?
Apache Camel's Mail versions 2.20.0 through 2.20.3, 2.21.0 through 2.21.1, and 2.22.0 are affected by CVE-2018-8041.
What is the CWE ID of CVE-2018-8041?
The CWE ID of CVE-2018-8041 is 22.
How can I fix the path traversal vulnerability in Apache Camel's Mail?
It is recommended to update to a version that is not vulnerable: use Apache Camel's Mail version 2.20.4 or higher, 2.21.2 or higher, or 2.22.1 or higher.
- collector/redhat-cve
- collector/nvd-index
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-jv74-f9pj-xp3f
- alias/CVE-2018-8041
- collector/github-advisory
- agent/author
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- agent/weakness
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache camel
- version/apache camel/2.20.0
- version/apache camel/2.20.3
- version/apache camel/2.21.0
- version/apache camel/2.21.1
- version/apache camel/2.22.0
- package-manager/maven