GSD-2019-0194
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0194",
"description": "Apache Camel\u0027s File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.",
"id": "GSD-2019-0194",
"references": [
"https://access.redhat.com/errata/RHSA-2019:0910"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0194"
],
"details": "Apache Camel\u0027s File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.",
"id": "GSD-2019-0194",
"modified": "2023-12-13T01:23:39.395645Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Camel",
"version": {
"version_data": [
{
"version_value": "Camel 2.21.0 to 2.21.3"
},
{
"version_value": "Camel 2.22.0 to 2.22.2 and Camel 2.23.0 The unsupported Camel 2.x (2.19 and earlier) versions may be also affected."
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Camel\u0027s File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[camel-commits] 20190430 [camel] branch master updated: Added CVE-2019-0194 details",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/45e23ade8d3cb754615f95975e89e8dc73c59eeac914f07d53acbac6@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-users] 20190430 [SECURITY] New security advisory CVE-2019-0194 released for Apache Camel",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0a163d02169d3d361150e8183df4af33f1a3d8a419b2937ac8e6c66f@%3Cusers.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[oss-security] 20190430 [SECURITY] New security advisory CVE-2019-0194 released for Apache Camel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/2"
},
{
"name": "https://lists.apache.org/thread.html/a39441db574ee996f829344491b3211b53c9ed926f00ae5d88943b76@%3Cdev.camel.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/a39441db574ee996f829344491b3211b53c9ed926f00ae5d88943b76@%3Cdev.camel.apache.org%3E"
},
{
"name": "108181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108181"
},
{
"name": "[camel-commits] 20190524 [camel] branch master updated: Added security advisory for CVE-2019-0188",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0cb842f367336b352a7548e290116b64b78b8e7b99402deaba81a687@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 [camel] 02/02: CVE-2019-0188 - Changed the title in security advisories",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9a6bc022f7ab28e4894b1831ce336eb41ae6d5c24d86646fe16e956f@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.0.0,2.19.0],[2.21.0,2.21.3],[2.22.0,2.22.2],[2.23.0]",
"affected_versions": "All versions starting from 2.0.0 up to 2.19.0, all versions starting from 2.21.0 up to 2.21.3, all versions starting from 2.22.0 up to 2.22.2, version 2.23.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2019-05-24",
"description": "Apache Camel\u0027s File is vulnerable to directory traversal.",
"fixed_versions": [
"2.19.1",
"2.21.4",
"2.22.3",
"2.23.1"
],
"identifier": "CVE-2019-0194",
"identifiers": [
"CVE-2019-0194"
],
"not_impacted": "All versions before 2.0.0, all versions after 2.19.0 before 2.21.0, all versions after 2.21.3 before 2.22.0, all versions after 2.22.2 before 2.23.0, all versions after 2.23.0",
"package_slug": "maven/org.apache.camel/camel-core",
"pubdate": "2019-04-30",
"solution": "Upgrade to versions 2.19.1, 2.21.4, 2.22.3, 2.23.1 or above.",
"title": "Path Traversal",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-0194"
],
"uuid": "5a6f7d68-228e-4fe6-ba25-fd47ee710c90"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:camel:2.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.21.3",
"versionStartIncluding": "2.21.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.22.2",
"versionStartIncluding": "2.22.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.19.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0194"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache Camel\u0027s File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Exploit",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/a39441db574ee996f829344491b3211b53c9ed926f00ae5d88943b76@%3Cdev.camel.apache.org%3E",
"refsource": "MISC",
"tags": [
"Mailing List",
"Exploit",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/a39441db574ee996f829344491b3211b53c9ed926f00ae5d88943b76@%3Cdev.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190430 [camel] branch master updated: Added CVE-2019-0194 details",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/45e23ade8d3cb754615f95975e89e8dc73c59eeac914f07d53acbac6@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-users] 20190430 [SECURITY] New security advisory CVE-2019-0194 released for Apache Camel",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Exploit",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/0a163d02169d3d361150e8183df4af33f1a3d8a419b2937ac8e6c66f@%3Cusers.camel.apache.org%3E"
},
{
"name": "[oss-security] 20190430 [SECURITY] New security advisory CVE-2019-0194 released for Apache Camel",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Exploit",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/2"
},
{
"name": "108181",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/108181"
},
{
"name": "[camel-commits] 20190524 [camel] 02/02: CVE-2019-0188 - Changed the title in security advisories",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/9a6bc022f7ab28e4894b1831ce336eb41ae6d5c24d86646fe16e956f@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 [camel] branch master updated: Added security advisory for CVE-2019-0188",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/0cb842f367336b352a7548e290116b64b78b8e7b99402deaba81a687@%3Ccommits.camel.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-05-24T11:29Z",
"publishedDate": "2019-04-30T22:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…