[CAMEL-13073] Spring Web Services Security Vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.23.0
Fix Version/s: 3.0.0-M1, 3.0.0
Component/s: camel-spring-ws
Labels:
None

Estimated Complexity:
Unknown

Description

Hi! Pivotal released a security advisory for spring-ws (1) which allows for XXE attacks. The current camel-master repository lists spring-ws with versions 2.4.2 and 3.0.4 which are both vulnerable.

The vulnerability is rated critical. Is any timely update planned?

1) https://pivotal.io/security/cve-2019-3773

Attachments

Activity

People

Assignee:: Andrea Cosentino

Reporter:: Wildcat

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Jan/19 17:11

Updated:: 01/Mar/19 13:23

Resolved:: 20/Feb/19 14:38