CVE-2019-0194

HIGH

Apache Camel < 2.19.0 - Path Traversal

Title source: rule

Description

Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

Exploits (1)

nomisec

by shoucheng3 · poc

https://github.com/shoucheng3/apache__camel_CVE-2019-0194_2-21-44

View on nomisec

References (9)

[Exploit, Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/04/30/2

[Mailing List] https://lists.apache.org/thread.html/0a163d02169d3d361150e8183df4af33f1a3d8a419b2937ac8e6c66f%40%3Cusers.camel.apache.org%3E

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/108181

[Mailing List] https://lists.apache.org/thread.html/0cb842f367336b352a7548e290116b64b78b8e7b99402deaba81a687%40%3Ccommits.camel.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/45e23ade8d3cb754615f95975e89e8dc73c59eeac914f07d53acbac6%40%3Ccommits.camel.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/9a6bc022f7ab28e4894b1831ce336eb41ae6d5c24d86646fe16e956f%40%3Ccommits.camel.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/a39441db574ee996f829344491b3211b53c9ed926f00ae5d88943b76%40%3Cdev.camel.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Scores

CVSS v3 7.5

EPSS 0.0239

EPSS Percentile 85.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (3)

apache/camel 2.23.0

apache/camel 2.0.0 - 2.19.0

org.apache.camel/camel-core 2.21.0 - 2.21.5Maven

Published Apr 30, 2019

Tracked Since Feb 18, 2026