Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-13073

Spring Web Services Security Vulnerability

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.23.0
    • 3.0.0-M1, 3.0.0
    • camel-spring-ws
    • None
    • Unknown

    Description

      Hi! Pivotal released a security advisory for spring-ws (1) which allows for XXE attacks. The current camel-master repository lists spring-ws with versions 2.4.2 and 3.0.4 which are both vulnerable.

      The vulnerability is rated critical. Is any timely update planned?

      1) https://pivotal.io/security/cve-2019-3773

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            acosentino Andrea Cosentino
            Wildcat Wildcat
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment