cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22371,https://securityvulnerability.io/vulnerability/CVE-2024-22371,Sensitive Data Exposure Vulnerability in Apache Camel,"Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.

Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

",Apache,Apache Camel,2.9,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-26T09:22:38.384Z,0
CVE-2024-23114,https://securityvulnerability.io/vulnerability/CVE-2024-23114,Deserialization of Untrusted Data Vulnerability,"Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

",Apache,Apache Camel,,,0.0004299999854993075,false,,false,false,true,2024-10-28T02:29:38.000Z,true,false,false,,2024-02-20T14:59:38.326Z,0
CVE-2024-22369,https://securityvulnerability.io/vulnerability/CVE-2024-22369,Deserialization of Untrusted Data vulnerability,"Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

",Apache,Apache Camel,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-20T14:58:36.291Z,0
CVE-2023-34442,https://securityvulnerability.io/vulnerability/CVE-2023-34442,Apache Camel JIRA: Temporary file information disclosure in Camel-Jira,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3.

Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1
",Apache,Apache Camel Jira,3.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-07-10T16:15:00.000Z,0
CVE-2020-11994,https://securityvulnerability.io/vulnerability/CVE-2020-11994,,Server-Side Template Injection and arbitrary file disclosure on Camel templating components,Apache,Apache Camel,7.5,HIGH,0.005319999996572733,false,,false,false,false,,,false,false,,2020-07-08T15:13:02.000Z,0
CVE-2020-11972,https://securityvulnerability.io/vulnerability/CVE-2020-11972,,"Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.",Apache,Apache Camel,9.8,CRITICAL,0.008910000324249268,false,,false,false,false,,,false,false,,2020-05-14T16:26:03.000Z,0
CVE-2020-11973,https://securityvulnerability.io/vulnerability/CVE-2020-11973,,"Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.",Apache,Apache Camel,9.8,CRITICAL,0.019139999523758888,false,,false,false,false,,,false,false,,2020-05-14T16:22:23.000Z,0
CVE-2020-11971,https://securityvulnerability.io/vulnerability/CVE-2020-11971,,"Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.",Apache,Apache Camel,7.5,HIGH,0.0013299999991431832,false,,false,false,false,,,false,false,,2020-05-14T16:18:41.000Z,0
CVE-2019-0188,https://securityvulnerability.io/vulnerability/CVE-2019-0188,,"Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.",Apache,Apache Camel,7.5,HIGH,0.005049999803304672,false,,false,false,false,,,false,false,,2019-05-28T18:10:08.000Z,0
CVE-2019-0194,https://securityvulnerability.io/vulnerability/CVE-2019-0194,,"Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.",Apache,Apache Camel,7.5,HIGH,0.09686999768018723,false,,false,false,false,,,false,false,,2019-04-30T21:30:42.000Z,0
CVE-2018-8041,https://securityvulnerability.io/vulnerability/CVE-2018-8041,,"Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.",Apache,Apache Camel,5.3,MEDIUM,0.00343000004068017,false,,false,false,false,,,false,false,,2018-09-17T14:29:00.000Z,0
CVE-2018-8027,https://securityvulnerability.io/vulnerability/CVE-2018-8027,,Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.,Apache,Apache Camel,9.8,CRITICAL,0.012769999913871288,false,,false,false,false,,,false,false,,2018-07-31T00:00:00.000Z,0
CVE-2017-12634,https://securityvulnerability.io/vulnerability/CVE-2017-12634,,The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.,Apache,Apache Camel,9.8,CRITICAL,0.007089999970048666,false,,false,false,false,,,false,false,,2017-11-15T00:00:00.000Z,0
CVE-2017-12633,https://securityvulnerability.io/vulnerability/CVE-2017-12633,,The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.,Apache,Apache Camel,9.8,CRITICAL,0.005270000081509352,false,,false,false,false,,,false,false,,2017-11-15T00:00:00.000Z,0
CVE-2016-8749,https://securityvulnerability.io/vulnerability/CVE-2016-8749,,Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.,Apache,Apache Camel,9.8,CRITICAL,0.04707000032067299,false,,false,false,false,,,false,false,,2017-03-28T18:00:00.000Z,0
CVE-2017-5643,https://securityvulnerability.io/vulnerability/CVE-2017-5643,,Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.,Apache,Apache Camel,7.4,HIGH,0.004819999914616346,false,,false,false,false,,,false,false,,2017-03-16T15:00:00.000Z,0
CVE-2017-3159,https://securityvulnerability.io/vulnerability/CVE-2017-3159,,Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws.,Apache,Apache Camel,9.8,CRITICAL,0.016780000180006027,false,,false,false,false,,,false,false,,2017-03-07T15:00:00.000Z,0