| title | date | url | draft | type | cve | severity | summary | description | mitigation | credit | affected | fixed |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Apache Camel Security Advisory - CVE-2020-11994 |
2020-07-08 08:47:42 +0200 |
/security/CVE-2020-11994.html |
false |
security-advisory |
CVE-2020-11994 |
MEDIUM |
Server-Side Template Injection and arbitrary file disclosure on Camel templating components |
Server-Side Template Injection and arbitrary file disclosure on Camel templating components |
2.x users should upgrade to 2.25.2, 3.x users should upgrade to 3.4.0 |
This issue was discovered by GHSL team member @pwntester (Alvaro Muñoz) |
2.22.x, 2.23.x, 2.24.x, 2.25.0 and 2.25.1, 3.0.0 up to 3.3.0 |
2.25.2, 3.4.0 |
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-15013 and https://issues.apache.org/jira/browse/CAMEL-15050 refers to the various commits that resovoled the issue, and have more details.