GHSA-hfg5-xpvw-c9x4

Suggest an improvement
Source
https://github.com/advisories/GHSA-hfg5-xpvw-c9x4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-hfg5-xpvw-c9x4/GHSA-hfg5-xpvw-c9x4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hfg5-xpvw-c9x4
Aliases
Published
2021-05-21T19:20:30Z
Modified
2024-03-09T05:16:40.487950Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Improper Input Validation in Apache Camel
Details

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel users should upgrade to 3.2.0.

Database specific 
{
    "nvd_published_at": "2020-05-14T17:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T18:54:08Z"
}
References

Affected packages

Maven / org.apache.camel:camel

Package

Name
org.apache.camel:camel
View open source insights on deps.dev
Purl
pkg:maven/org.apache.camel/camel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.0

Affected versions

1.*

1.6.2
1.6.3
1.6.4

2.*

2.0-M3
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.9.0-RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.15.0
2.15.1
2.15.2
2.15.3
2.15.4
2.15.5
2.15.6
2.16.0
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.18.0
2.18.1
2.18.2
2.18.3
2.18.4
2.18.5
2.19.0
2.19.1
2.19.2
2.19.3
2.19.4
2.19.5
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.21.0
2.21.1
2.21.2
2.21.3
2.21.4
2.21.5
2.22.0
2.22.1
2.22.2
2.22.3
2.22.4
2.22.5
2.23.0
2.23.1
2.23.2
2.23.3
2.23.4
2.24.0
2.24.1
2.24.2
2.24.3
2.25.0
2.25.1
2.25.2
2.25.3
2.25.4

3.*

3.0.0-M1
3.0.0-M2
3.0.0-M3
3.0.0-M4
3.0.0-RC1
3.0.0-RC2
3.0.0-RC3
3.0.0
3.0.1
3.1.0

Maven / org.apache.camel:camel-core

Package

Name
org.apache.camel:camel-core
View open source insights on deps.dev
Purl
pkg:maven/org.apache.camel/camel-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.0

Affected versions

1.*

1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4

2.*

2.0-M1
2.0-M2
2.0-M3
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.9.0-RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.15.0
2.15.1
2.15.2
2.15.3
2.15.4
2.15.5
2.15.6
2.16.0
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.18.0
2.18.1
2.18.2
2.18.3
2.18.4
2.18.5
2.19.0
2.19.1
2.19.2
2.19.3
2.19.4
2.19.5
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.21.0
2.21.1
2.21.2
2.21.3
2.21.4
2.21.5
2.22.0
2.22.1
2.22.2
2.22.3
2.22.4
2.22.5
2.23.0
2.23.1
2.23.2
2.23.3
2.23.4
2.24.0
2.24.1
2.24.2
2.24.3
2.25.0
2.25.1
2.25.2
2.25.3
2.25.4

3.*

3.0.0-M1
3.0.0-M2
3.0.0-M3
3.0.0-M4
3.0.0-RC1
3.0.0-RC2
3.0.0-RC3
3.0.0
3.0.1
3.1.0

Maven / org.apache.camel:camel-management

Package

Name
org.apache.camel:camel-management
View open source insights on deps.dev
Purl
pkg:maven/org.apache.camel/camel-management

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.0

Affected versions

3.*

3.0.0-RC2
3.0.0-RC3
3.0.0
3.0.1
3.1.0