Camel / CAMEL-14640

CVEs in the library dependencies


    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.0
    • Component/s: None
    • Labels: None
    • Estimated Complexity: Unknown

      Description

      Hi, I found that your project is using some vulnerable dependencies. To prevent the potential risk they may cause, I suggest a library update. Here are the details:

      Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.11.0
      CVE ID: [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
      Import Path: components/camel-jetty/pom.xml
      Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6, 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0

      Vulnerable Library Version: org.apache.tomcat.embed : tomcat-embed-core : 8.5.0
      CVE ID: [CVE-2016-0762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762), [CVE-2017-5650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5650), [CVE-2016-6797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6797), [CVE-2017-5647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647), [CVE-2017-5664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664), [CVE-2017-12617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617), [CVE-2016-3092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092), [CVE-2019-0199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199), [CVE-2017-5648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648), [CVE-2019-10072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10072), [CVE-2017-5651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651)
      Import Path: components/camel-servlet/pom.xml
      Suggested Safe Versions: 10.0.0-M1, 8.5.41, 8.5.42, 8.5.43, 8.5.45, 8.5.46, 8.5.47, 8.5.49, 8.5.50, 8.5.51, 9.0.27, 9.0.29, 9.0.30, 9.0.31

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.4.4
      CVE ID: [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678)
      Import Path: components/camel-spark/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.lucene : lucene-core : 3.6.0
      CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
      Import Path: components/camel-jcr/pom.xml
      Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1

      Vulnerable Library Version: org.apache.logging.log4j : log4j-api : 2.7
      CVE ID: [CVE-2017-5645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645)
      Import Path: examples/camel-example-google-pubsub/pom.xml, examples/camel-example-kafka/pom.xml, examples/camel-example-debezium/pom.xml
      Suggested Safe Versions: 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1, 2.13.0, 2.8.2, 2.9.0, 2.9.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.4
      CVE ID: [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
      Import Path: components/camel-hdfs/pom.xml, components/camel-hbase/pom.xml, components/camel-hbase/pom.xml
      Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.logging.log4j : log4j-core : 2.7
      CVE ID: [CVE-2019-17571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571), [CVE-2017-5645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645)
      Import Path: examples/camel-example-google-pubsub/pom.xml, examples/camel-example-kafka/pom.xml, examples/camel-example-debezium/pom.xml
      Suggested Safe Versions: 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1, 2.13.0, 2.8.2, 2.9.0, 2.9.1

      Vulnerable Library Version: org.asynchttpclient : async-http-client : 2.0.16
      CVE ID: [CVE-2017-14063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14063)
      Import Path: components/camel-websocket/pom.xml
      Suggested Safe Versions: 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.1.0, 2.1.0-RC1, 2.1.0-RC2, 2.1.0-RC3, 2.1.0-RC4, 2.1.0-alpha1, 2.1.0-alpha10, 2.1.0-alpha11, 2.1.0-alpha12, 2.1.0-alpha13, 2.1.0-alpha14, 2.1.0-alpha15, 2.1.0-alpha16, 2.1.0-alpha17, 2.1.0-alpha18, 2.1.0-alpha19, 2.1.0-alpha2, 2.1.0-alpha20, 2.1.0-alpha21, 2.1.0-alpha22, 2.1.0-alpha23, 2.1.0-alpha24, 2.1.0-alpha25, 2.1.0-alpha26, 2.1.0-alpha3, 2.1.0-alpha4, 2.1.0-alpha5, 2.1.0-alpha6, 2.1.0-alpha7, 2.1.0-alpha8, 2.1.0-alpha9, 2.1.1, 2.1.2, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.6.0, 2.7.0, 2.8.0, 2.8.1, 2.9.0

      Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1
      CVE ID: [CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577), [CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783), [CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
      Import Path: catalog/camel-catalog-maven/pom.xml, components/camel-elytron/pom.xml, components/camel-weather/pom.xml, components/camel-jetty/pom.xml, components/camel-netty-http/pom.xml, components/camel-spring-ws/pom.xml, components/camel-undertow/pom.xml, tests/camel-itest/pom.xml
      Suggested Safe Versions: 3.0alpha2

      Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.4
      CVE ID: [CVE-2017-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718), [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
      Import Path: components/camel-hdfs/pom.xml, components/camel-hbase/pom.xml, components/camel-spark/pom.xml
      Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.eclipse.jetty : jetty-server : 9.4.11.v20180605
      CVE ID: [CVE-2019-10247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247)
      Import Path: components/camel-solr/pom.xml
      Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120, 9.4.25.v20191220, 9.4.26.v20200117

      Vulnerable Library Version: mysql : mysql-connector-java : 8.0.15
      CVE ID: [CVE-2019-2692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2692)
      Import Path: components/camel-debezium-mysql/pom.xml
      Suggested Safe Versions: 8.0.16, 8.0.17, 8.0.18, 8.0.19

      Vulnerable Library Version: com.google.guava : guava : 14.0.1
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: components/camel-hbase/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: com.google.guava : guava : 19.0
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: components/camel-wordpress/pom.xml, components/camel-gora/pom.xml, components/camel-ignite/pom.xml, components/camel-guava-eventbus/pom.xml, tooling/maven/camel-package-maven-plugin/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.6.7.1
      CVE ID: [CVE-2017-17485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485), [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439), [CVE-2018-19362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362), [CVE-2018-11307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307), [CVE-2018-14721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721), [CVE-2018-14719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719), [CVE-2018-7489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531), [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086), [CVE-2017-15095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095), [CVE-2018-14718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814), [CVE-2018-19361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361), [CVE-2018-19360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360), [CVE-2018-14720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942), [CVE-2017-7525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525)
      Import Path: components/camel-spark/pom.xml
      Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3

      Vulnerable Library Version: com.nimbusds : nimbus-jose-jwt : 4.13.1
      CVE ID: [CVE-2019-17195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195), [CVE-2017-12973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12973), [CVE-2017-12974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12974), [CVE-2017-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12972)
      Import Path: components/camel-elytron/pom.xml
      Suggested Safe Versions: 7.8.1, 7.9, 8.0, 8.1, 8.2, 8.2.1, 8.3, 8.4, 8.4.1, 8.5, 8.5.1, 8.6, 8.7

      Vulnerable Library Version: org.apache.ws.security : wss4j : 1.6.8
      CVE ID: [CVE-2015-0227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0227), [CVE-2014-3623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3623), [CVE-2015-0226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226)
      Import Path: tests/camel-performance/pom.xml
      Suggested Safe Versions: 1.6.17, 1.6.18, 1.6.19

        Attachments

        1. apache-camel_CVE-report.md (3 kB, XuCongying)

              People

              • Assignee: Andrea Cosentino (acosentino)
              • Reporter: XuCongying (XuCY)
              • Votes: 0
              • Watchers: 3
