{"containers": {"cna": {"affected": [{"product": "Apache Camel", "vendor": "Apache", "versions": [{"status": "affected", "version": "Apache Camel versions prior to 2.24.0"}]}], "datePublic": "2019-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed."}], "problemTypes": [{"descriptions": [{"description": "XML external entity injection (XXE)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-20T14:41:59", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "JVN#71498764", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN71498764/index.html"}, {"name": "108422", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108422"}, {"name": "[camel-users] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/00118387610522b107cbdcec5369ddd512b576ff0236a02bfca12f44%40%3Cusers.camel.apache.org%3E"}, {"name": "[oss-security] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/05/24/2"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater opened a new pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/84ba9b79e801a4148dde73d1969cdae0247d11ff63de7ce11b394dc5%40%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Created] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/45349f8bd98c1c13a84beddede18fe79b8619ebab99d90f1fb43d7ab%40%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [incubator-tamaya-sandbox] branch master updated: TAMAYA-410 bump camel-core version past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/61601cda2c5f9832184ea14647b0c0589c94126a460c8eb196be1313%40%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater merged pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/63d1cec8541befeb59dbed23a6b227bdcca7674aa234fb43354dac82%40%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Closed] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/fe74d173689600d9a395d026f0bf5d154c0bf7bd195ecfbc2c987036%40%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Commented] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/eed73fc18d4fa3e2341cd0ab101b47f06b16c7efc1cb73791c524c9d%40%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] ottlinger commented on issue #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/6fefbd90f7fb4c8412d85ea3e9e97a4b76b47e206f502c73c29dc0b7%40%3Ccommits.tamaya.apache.org%3E"}, {"name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-0188", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Camel", "version": {"version_data": [{"version_value": "Apache Camel versions prior to 2.24.0"}]}}]}, "vendor_name": "Apache"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XML external entity injection (XXE)"}]}]}, "references": {"reference_data": [{"name": "JVN#71498764", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN71498764/index.html"}, {"name": "108422", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108422"}, {"name": "[camel-users] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/00118387610522b107cbdcec5369ddd512b576ff0236a02bfca12f44@%3Cusers.camel.apache.org%3E"}, {"name": "[oss-security] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/05/24/2"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater opened a new pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84ba9b79e801a4148dde73d1969cdae0247d11ff63de7ce11b394dc5@%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Created] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/45349f8bd98c1c13a84beddede18fe79b8619ebab99d90f1fb43d7ab@%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [incubator-tamaya-sandbox] branch master updated: TAMAYA-410 bump camel-core version past CVE-2019-0188", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/61601cda2c5f9832184ea14647b0c0589c94126a460c8eb196be1313@%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater merged pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/63d1cec8541befeb59dbed23a6b227bdcca7674aa234fb43354dac82@%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Closed] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/fe74d173689600d9a395d026f0bf5d154c0bf7bd195ecfbc2c987036@%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Commented] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/eed73fc18d4fa3e2341cd0ab101b47f06b16c7efc1cb73791c524c9d@%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] ottlinger commented on issue #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6fefbd90f7fb4c8412d85ea3e9e97a4b76b47e206f502c73c29dc0b7@%3Ccommits.tamaya.apache.org%3E"}, {"name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc", "refsource": "CONFIRM", "url": "https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:44:14.864Z"}, "title": "CVE Program Container", "references": [{"name": "JVN#71498764", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "http://jvn.jp/en/jp/JVN71498764/index.html"}, {"name": "108422", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108422"}, {"name": "[camel-users] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/00118387610522b107cbdcec5369ddd512b576ff0236a02bfca12f44%40%3Cusers.camel.apache.org%3E"}, {"name": "[oss-security] 20190524 [SECURITY][ERRATA-CORRIGE] New security advisory CVE-2019-0188 released for Apache Camel", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/05/24/2"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater opened a new pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/84ba9b79e801a4148dde73d1969cdae0247d11ff63de7ce11b394dc5%40%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Created] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/45349f8bd98c1c13a84beddede18fe79b8619ebab99d90f1fb43d7ab%40%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [incubator-tamaya-sandbox] branch master updated: TAMAYA-410 bump camel-core version past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/61601cda2c5f9832184ea14647b0c0589c94126a460c8eb196be1313%40%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] peculater merged pull request #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/63d1cec8541befeb59dbed23a6b227bdcca7674aa234fb43354dac82%40%3Ccommits.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Closed] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/fe74d173689600d9a395d026f0bf5d154c0bf7bd195ecfbc2c987036%40%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-dev] 20190607 [jira] [Commented] (TAMAYA-410) Update camel-core dependency past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/eed73fc18d4fa3e2341cd0ab101b47f06b16c7efc1cb73791c524c9d%40%3Cdev.tamaya.apache.org%3E"}, {"name": "[tamaya-commits] 20190607 [GitHub] [incubator-tamaya-sandbox] ottlinger commented on issue #30: TAMAYA-410 bump camel-core version past CVE-2019-0188", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/6fefbd90f7fb4c8412d85ea3e9e97a4b76b47e206f502c73c29dc0b7%40%3Ccommits.tamaya.apache.org%3E"}, {"name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-0188", "datePublished": "2019-05-28T18:10:08", "dateReserved": "2018-11-14T00:00:00", "dateUpdated": "2024-08-04T17:44:14.864Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C384491-A9A8-441F-B386-10C380474E8A", "versionEndExcluding": "2.24.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DCC2C59-BB9B-4BD2-80A4-33B72737FA10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed."}, {"lang": "es", "value": "Apache Camel en versiones anteriores a la 2.24.0 contiene una vulnerabilidad de XML external entity injection (XXE) (CWE-611) debido al uso de una biblioteca JSON-lib obsoleta y vulnerable. Esto afecta solo al componente Camel-xmljson, que se elimin\u00f3."}], "id": "CVE-2019-0188", "lastModified": "2023-11-07T03:01:46.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-28T19:29:02.550", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://jvn.jp/en/jp/JVN71498764/index.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/05/24/2"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108422"}, {"source": "security@apache.org", "tags": ["Broken Link"], "url": "https://github.com/apache/camel/blob/master/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/00118387610522b107cbdcec5369ddd512b576ff0236a02bfca12f44%40%3Cusers.camel.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/45349f8bd98c1c13a84beddede18fe79b8619ebab99d90f1fb43d7ab%40%3Cdev.tamaya.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/61601cda2c5f9832184ea14647b0c0589c94126a460c8eb196be1313%40%3Ccommits.tamaya.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/63d1cec8541befeb59dbed23a6b227bdcca7674aa234fb43354dac82%40%3Ccommits.tamaya.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/6fefbd90f7fb4c8412d85ea3e9e97a4b76b47e206f502c73c29dc0b7%40%3Ccommits.tamaya.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/84ba9b79e801a4148dde73d1969cdae0247d11ff63de7ce11b394dc5%40%3Ccommits.tamaya.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/eed73fc18d4fa3e2341cd0ab101b47f06b16c7efc1cb73791c524c9d%40%3Cdev.tamaya.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/fe74d173689600d9a395d026f0bf5d154c0bf7bd195ecfbc2c987036%40%3Cdev.tamaya.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "camel-xmljson: XML external entity injection vulnerability inoutdated JSON-lib library", "id": "1719519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719519"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-611", "details": ["Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed."], "name": "CVE-2019-0188", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "camel-xmljson", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "camel-xmljson", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "camel-xmljson", "product_name": "Red Hat JBoss Fuse Service Works 6"}], "public_date": "2019-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-0188\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0188\nhttps://github.com/apache/camel/blob/6a51420aa6a2846fda2d8a13d99271ad16bce651/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc"], "threat_severity": "Moderate", "upstream_fix": "camel-xmljson 2.24.0"}