[
https://issues.apache.org/jira/browse/AMQ-8455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Baptiste Onofré resolved AMQ-8455.
---------------------------------------
Resolution: Won't Fix
camel module has been removed from ActiveMQ (main).
> Vulnerable Camel-Core Version (2.25.4) Needs to be upgraded
> -----------------------------------------------------------
>
> Key: AMQ-8455
> URL: https://issues.apache.org/jira/browse/AMQ-8455
> Project: ActiveMQ
> Issue Type: Bug
> Components: AMQP
> Reporter: Shubhangi Raut
> Assignee: Jean-Baptiste Onofré
> Priority: Major
>
>
> We are using activemq-all latest version i.e. 5.16.3. It internally uses
> camel-core version 2.25.4, which shows vulnerable in our aqua scan. It has
> been recommended to upgrade this camel-core to at least 3.2.0 version.
> [7.5] [CVE-2020-11971] [camel-core] [2.25.2]
>
> *Aqua Description :* Apache Camel's JMX is vulnerable to Rebind Flaw. Apache
> Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users
> should upgrade to 3.2.0.
> *Vendor Statement :*
> *Vendor URL :*
> *NVD URL :* [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11971]
> *Fix Version :* 3.2.0
> *Solution :* Upgrade package camel-core to version 3.2.0 or above.
> *Classification :*
> *Publish Date :* 2020-05-14
> *Modification Date :* 2021-02-18
> *First Found Date :* 2021-05-22
> *Aqua Vectors :* CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
> *Aqua Scoring System :* CVSS V3
> *CVE Id :* CVE-2020-11971
> Latest available version for camel-core is
> [https://mvnrepository.com/artifact/org.apache.camel/camel-core/3.14.0] .
> Is it possible to upgrade to this version?{*}{*}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
