CVE-2020-11994
First published: Wed Jul 08 2020(Updated: )
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Camel | >=2.22.0<=2.22.5 | |
| Apache Camel | >=2.23.0<=2.23.4 | |
| Apache Camel | >=2.24.0<=2.24.3 | |
| Apache Camel | >=3.0.0<=3.3.0 | |
| Apache Camel | =2.25.0 | |
| Apache Camel | =2.25.1 | |
| Oracle Communications Diameter Signaling Router | >=8.0.0<=8.5.0 | |
| Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
| Oracle Enterprise Repository | =11.1.1.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://camel.apache.org/security/CVE-2020-11994.html
- https://access.redhat.com/errata/RHSA-2020:3587
- https://access.redhat.com/security/cve/cve-2020-11994
- https://access.redhat.com/errata/RHSA-2020:5568
- https://bugzilla.redhat.com/show_bug.cgi?id=1855786
- https://www.cve.org/CVERecord?id=CVE-2020-11994 https://nvd.nist.gov/vuln/detail/CVE-2020-11994
Frequently Asked Questions
What is CVE-2020-11994?
CVE-2020-11994 is a vulnerability that allows for Server-Side Template Injection and arbitrary file disclosure on Camel templating components.
How does CVE-2020-11994 impact data confidentiality?
CVE-2020-11994 poses a high threat to data confidentiality.
What software is affected by CVE-2020-11994?
Camel's templating components are susceptible to CVE-2020-11994.
What is the severity of CVE-2020-11994?
CVE-2020-11994 has a severity value of 7, indicating a high severity.
How can I fix CVE-2020-11994?
Apply the necessary patches or updates provided by the vendor to mitigate CVE-2020-11994.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-11994
- collector/redhat-cve
- vendor/apache
- canonical/apache camel
- version/apache camel/2.22.0
- version/apache camel/2.22.5
- version/apache camel/2.23.0
- version/apache camel/2.23.4
- version/apache camel/2.24.0
- version/apache camel/2.24.3
- version/apache camel/3.0.0
- version/apache camel/3.3.0
- version/apache camel/2.25.0
- version/apache camel/2.25.1
- vendor/oracle
- canonical/oracle communications diameter signaling router
- version/oracle communications diameter signaling router/8.0.0
- version/oracle communications diameter signaling router/8.5.0
- canonical/oracle enterprise manager base platform
- version/oracle enterprise manager base platform/13.4.0.0
- canonical/oracle enterprise repository
- version/oracle enterprise repository/11.1.1.7.0