[camel] branch master updated: Added CVE-2019-0194 details

Tue, 30 Apr 2019 03:49:05 -0700 

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/master by this push:
     new b4525b3  Added CVE-2019-0194 details
b4525b3 is described below

commit b4525b37769c46aeebceb27efde98e86d4e4d9c2
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Apr 30 12:47:49 2019 +0200

    Added CVE-2019-0194 details
---
 .../en/security-advisories/CVE-2019-0194.txt.asc   | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0194.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2019-0194.txt.asc
new file mode 100644
index 0000000..ee72e0c
--- /dev/null
+++ b/docs/user-manual/en/security-advisories/CVE-2019-0194.txt.asc
@@ -0,0 +1,27 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+CVE-2019-0194: Apache Camel's File is vulnerable to directory traversal
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Camel 2.21.0 to 2.21.3, Camel 2.22.0 to 2.22.2 and Camel 
2.23.0 The unsupported Camel 2.x (2.19 and earlier) versions may be also 
affected.
+
+Description: Apache Camel's File is vulnerable to directory traversal
+
+Mitigation: 2.21.x users should upgrade to 2.21.5, 2.22.x users should upgrade 
to 2.22.3 and Camel 2.23.x users should upgrade to 2.23.1 The JIRA tickets: 
https://issues.apache.org/jira/browse/CAMEL-13042 refers to the various commits 
that resovoled the issue, and have more details.
+
+Credit: This issue was discovered by Colm O. HEigeartaigh <coheigea at apache 
dot org> from Apache Software Foundation
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+iQEcBAEBAgAGBQJcyCQMAAoJEONOnzgC/0EAoi4H/iqigma2trual75FfCiiJuRz
+HEwjmJ+/aqWwGo5sBY53aDpD2OtCNylmCoRGDEgP3ToAv+WyEgfSXJYPjRJGT1wo
++8DLiHe3m5Z/tJk9sscYPn5s9/4bd+gES16hBWNtTpF/yryvMMS9jgGWglgVHAD3
+wP9AyWV1HVbuf7axW/Q9SS/Tw0pgBfKTVuQrZBmMNpcO/0YTGQR3uIbr8KGpwq3P
+asNvlUgCub3osq4qM5OsjQTvtkGYQfHmnuotavKXuRZbBW18KxCaqcKQPUjOOedG
+SZ5aOhwNLCcXZ4A550FB6QJxAwRG/8SXzwXS90MT5WwFgfJKE3dzRAH2PWEIaxo=
+=u2h4
+-----END PGP SIGNATURE-----

Reply via email to