Server-Side Template Injection and arbitrary file disclosure on Camel templating components
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Camel | Apache | 2.22.0 | 2.22.5 |
Camel | Apache | 2.23.0 | 2.23.4 |
Camel | Apache | 2.24.0 | 2.24.3 |
Camel | Apache | 2.25.0 | 2.25.0 |
Camel | Apache | 2.25.1 | 2.25.1 |
Camel | Apache | 3.0.0 | 3.3.0 |