[
https://issues.apache.org/jira/browse/CAMEL-14640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17049370#comment-17049370
]
Claus Ibsen edited comment on CAMEL-14640 at 3/27/20, 10:45 AM:
----------------------------------------------------------------
Status will be reported here
-Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.11.0-
CVE ID:
[CVE-2018-20200]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200])
Import Path: components/camel-jetty/pom.xml
Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6,
3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5,
3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02,
4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
-Vulnerable Library Version: org.apache.tomcat.embed : tomcat-embed-core :
8.5.0-
CVE ID:
[CVE-2016-0762]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762]),
[CVE-2017-5650]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5650]),
[CVE-2016-6797]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6797]),
[CVE-2017-5647]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647]),
[CVE-2017-5664]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664]),
[CVE-2017-12617]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617]),
[CVE-2016-3092]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092]),
[CVE-2019-0199]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199]),
[CVE-2017-5648]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648]),
[CVE-2019-10072]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10072]),
[CVE-2017-5651]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651])
Import Path: components/camel-servlet/pom.xml
Suggested Safe Versions: 10.0.0-M1, 8.5.41, 8.5.42, 8.5.43, 8.5.45, 8.5.46,
8.5.47, 8.5.49, 8.5.50, 8.5.51, 9.0.27, 9.0.29, 9.0.30, 9.0.31
-Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.4.4-
CVE ID:
[CVE-2017-7678]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678])
Import Path: components/camel-spark/pom.xml
Suggested Safe Versions: 2.4.5
Vulnerable Library Version: org.apache.lucene : lucene-core : 3.6.0
CVE ID:
[CVE-2017-3163]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163])
Import Path: components/camel-jcr/pom.xml
Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2,
6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1,
7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0,
8.3.1, 8.4.0, 8.4.1
-Vulnerable Library Version: org.apache.logging.log4j : log4j-api : 2.7-
CVE ID:
[CVE-2017-5645]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645])
Import Path: examples/camel-example-google-pubsub/pom.xml,
examples/camel-example-kafka/pom.xml, examples/camel-example-debezium/pom.xml
Suggested Safe Versions: 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1,
2.13.0, 2.8.2, 2.9.0, 2.9.1
-Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.4-
CVE ID:
[CVE-2018-11768]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768])
Import Path: components/camel-hdfs/pom.xml, components/camel-hbase/pom.xml,
components/camel-hbase/pom.xml
Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1
-Vulnerable Library Version: org.apache.logging.log4j : log4j-core : 2.7-
CVE ID:
[CVE-2019-17571]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]),
[CVE-2017-5645]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645])
Import Path: examples/camel-example-google-pubsub/pom.xml,
examples/camel-example-kafka/pom.xml, examples/camel-example-debezium/pom.xml
Suggested Safe Versions: 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1,
2.13.0, 2.8.2, 2.9.0, 2.9.1
-Vulnerable Library Version: org.asynchttpclient : async-http-client : 2.0.16-
CVE ID:
[CVE-2017-14063]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14063])
Import Path: components/camel-websocket/pom.xml
Suggested Safe Versions: 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40,
2.1.0, 2.1.0-RC1, 2.1.0-RC2, 2.1.0-RC3, 2.1.0-RC4, 2.1.0-alpha1, 2.1.0-alpha10,
2.1.0-alpha11, 2.1.0-alpha12, 2.1.0-alpha13, 2.1.0-alpha14, 2.1.0-alpha15,
2.1.0-alpha16, 2.1.0-alpha17, 2.1.0-alpha18, 2.1.0-alpha19, 2.1.0-alpha2,
2.1.0-alpha20, 2.1.0-alpha21, 2.1.0-alpha22, 2.1.0-alpha23, 2.1.0-alpha24,
2.1.0-alpha25, 2.1.0-alpha26, 2.1.0-alpha3, 2.1.0-alpha4, 2.1.0-alpha5,
2.1.0-alpha6, 2.1.0-alpha7, 2.1.0-alpha8, 2.1.0-alpha9, 2.1.1, 2.1.2, 2.10.0,
2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1,
2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.5.0, 2.5.1, 2.5.2,
2.5.3, 2.5.4, 2.6.0, 2.7.0, 2.8.0, 2.8.1, 2.9.0
-Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1-
CVE ID:
[CVE-2014-3577]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577]),
[CVE-2012-5783]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783]),
[CVE-2012-6153]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153])
Import Path: catalog/camel-catalog-maven/pom.xml,
components/camel-elytron/pom.xml, components/camel-weather/pom.xml,
components/camel-jetty/pom.xml, components/camel-netty-http/pom.xml,
components/camel-spring-ws/pom.xml, components/camel-undertow/pom.xml,
tests/camel-itest/pom.xml
Suggested Safe Versions: 3.0alpha2
-Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.4-
CVE ID:
[CVE-2017-15718]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718]),
[CVE-2018-8029]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029]),
[CVE-2017-15713]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713]),
[CVE-2018-8009]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009])
Import Path: components/camel-hdfs/pom.xml, components/camel-hbase/pom.xml,
components/camel-spark/pom.xml
Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
Vulnerable Library Version: org.eclipse.jetty : jetty-server : 9.4.11.v20180605
CVE ID:
[CVE-2019-10247]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247])
Import Path: components/camel-solr/pom.xml
Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418,
9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120,
9.4.25.v20191220, 9.4.26.v20200117
-Vulnerable Library Version: mysql : mysql-connector-java : 8.0.15-
CVE ID:
[CVE-2019-2692]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2692])
Import Path: components/camel-debezium-mysql/pom.xml
Suggested Safe Versions: 8.0.16, 8.0.17, 8.0.18, 8.0.19
-Vulnerable Library Version: com.google.guava : guava : 14.0.1-
CVE ID:
[CVE-2018-10237]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237])
Import Path: components/camel-hbase/pom.xml
Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre,
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre,
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre,
28.1-android, 28.1-jre, 28.2-android, 28.2-jre
-Vulnerable Library Version: com.google.guava : guava : 19.0-
CVE ID:
[CVE-2018-10237]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237])
Import Path: components/camel-wordpress/pom.xml,
components/camel-gora/pom.xml, components/camel-ignite/pom.xml,
components/camel-guava-eventbus/pom.xml,
tooling/maven/camel-package-maven-plugin/pom.xml
Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre,
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre,
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre,
28.1-android, 28.1-jre, 28.2-android, 28.2-jre
-Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind :
2.6.7.1-
CVE ID:
[CVE-2017-17485]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485]),
[CVE-2020-8840]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840]),
[CVE-2019-20330]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330]),
[CVE-2019-12384]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384]),
[CVE-2019-14439]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439]),
[CVE-2018-19362]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362]),
[CVE-2018-11307]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307]),
[CVE-2018-14721]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721]),
[CVE-2018-14719]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719]),
[CVE-2018-7489]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489]),
[CVE-2019-17531]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531]),
[CVE-2019-12086]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086]),
[CVE-2017-15095]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095]),
[CVE-2018-14718]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718]),
[CVE-2019-16943]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943]),
[CVE-2019-12814]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814]),
[CVE-2018-19361]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361]),
[CVE-2018-19360]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360]),
[CVE-2018-14720]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720]),
[CVE-2019-16942]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942]),
[CVE-2017-7525]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525])
Import Path: components/camel-spark/pom.xml
Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
-Vulnerable Library Version: com.nimbusds : nimbus-jose-jwt : 4.13.1-
CVE ID:
[CVE-2019-17195]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195]),
[CVE-2017-12973]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12973]),
[CVE-2017-12974]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12974]),
[CVE-2017-12972]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12972])
Import Path: components/camel-elytron/pom.xml
Suggested Safe Versions: 7.8.1, 7.9, 8.0, 8.1, 8.2, 8.2.1, 8.3, 8.4, 8.4.1,
8.5, 8.5.1, 8.6, 8.7
-Vulnerable Library Version: org.apache.ws.security : wss4j : 1.6.8-
CVE ID:
[CVE-2015-0227]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0227]),
[CVE-2014-3623]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3623]),
[CVE-2015-0226]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226])
Import Path: tests/camel-performance/pom.xml
Suggested Safe Versions: 1.6.17, 1.6.18, 1.6.19
was (Author: ancosen):
Status will be reported here
-Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.11.0-
CVE ID:
[CVE-2018-20200]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200])
Import Path: components/camel-jetty/pom.xml
Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6,
3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5,
3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01, 4.0.0-alpha02,
4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
-Vulnerable Library Version: org.apache.tomcat.embed : tomcat-embed-core :
8.5.0-
CVE ID:
[CVE-2016-0762]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762]),
[CVE-2017-5650]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5650]),
[CVE-2016-6797]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6797]),
[CVE-2017-5647]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647]),
[CVE-2017-5664]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664]),
[CVE-2017-12617]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617]),
[CVE-2016-3092]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092]),
[CVE-2019-0199]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199]),
[CVE-2017-5648]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648]),
[CVE-2019-10072]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10072]),
[CVE-2017-5651]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651])
Import Path: components/camel-servlet/pom.xml
Suggested Safe Versions: 10.0.0-M1, 8.5.41, 8.5.42, 8.5.43, 8.5.45, 8.5.46,
8.5.47, 8.5.49, 8.5.50, 8.5.51, 9.0.27, 9.0.29, 9.0.30, 9.0.31
-Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.4.4-
CVE ID:
[CVE-2017-7678]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678])
Import Path: components/camel-spark/pom.xml
Suggested Safe Versions: 2.4.5
Vulnerable Library Version: org.apache.lucene : lucene-core : 3.6.0
CVE ID:
[CVE-2017-3163]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163])
Import Path: components/camel-jcr/pom.xml
Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2,
6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1,
7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0,
8.3.1, 8.4.0, 8.4.1
-Vulnerable Library Version: org.apache.logging.log4j : log4j-api : 2.7-
CVE ID:
[CVE-2017-5645]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645])
Import Path: examples/camel-example-google-pubsub/pom.xml,
examples/camel-example-kafka/pom.xml, examples/camel-example-debezium/pom.xml
Suggested Safe Versions: 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1,
2.13.0, 2.8.2, 2.9.0, 2.9.1
Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.4
CVE ID:
[CVE-2018-11768]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768])
Import Path: components/camel-hdfs/pom.xml, components/camel-hbase/pom.xml,
components/camel-hbase/pom.xml
Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1
-Vulnerable Library Version: org.apache.logging.log4j : log4j-core : 2.7-
CVE ID:
[CVE-2019-17571]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]),
[CVE-2017-5645]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645])
Import Path: examples/camel-example-google-pubsub/pom.xml,
examples/camel-example-kafka/pom.xml, examples/camel-example-debezium/pom.xml
Suggested Safe Versions: 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1,
2.13.0, 2.8.2, 2.9.0, 2.9.1
-Vulnerable Library Version: org.asynchttpclient : async-http-client : 2.0.16-
CVE ID:
[CVE-2017-14063]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14063])
Import Path: components/camel-websocket/pom.xml
Suggested Safe Versions: 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40,
2.1.0, 2.1.0-RC1, 2.1.0-RC2, 2.1.0-RC3, 2.1.0-RC4, 2.1.0-alpha1, 2.1.0-alpha10,
2.1.0-alpha11, 2.1.0-alpha12, 2.1.0-alpha13, 2.1.0-alpha14, 2.1.0-alpha15,
2.1.0-alpha16, 2.1.0-alpha17, 2.1.0-alpha18, 2.1.0-alpha19, 2.1.0-alpha2,
2.1.0-alpha20, 2.1.0-alpha21, 2.1.0-alpha22, 2.1.0-alpha23, 2.1.0-alpha24,
2.1.0-alpha25, 2.1.0-alpha26, 2.1.0-alpha3, 2.1.0-alpha4, 2.1.0-alpha5,
2.1.0-alpha6, 2.1.0-alpha7, 2.1.0-alpha8, 2.1.0-alpha9, 2.1.1, 2.1.2, 2.10.0,
2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1,
2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.5.0, 2.5.1, 2.5.2,
2.5.3, 2.5.4, 2.6.0, 2.7.0, 2.8.0, 2.8.1, 2.9.0
-Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1-
CVE ID:
[CVE-2014-3577]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577]),
[CVE-2012-5783]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783]),
[CVE-2012-6153]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153])
Import Path: catalog/camel-catalog-maven/pom.xml,
components/camel-elytron/pom.xml, components/camel-weather/pom.xml,
components/camel-jetty/pom.xml, components/camel-netty-http/pom.xml,
components/camel-spring-ws/pom.xml, components/camel-undertow/pom.xml,
tests/camel-itest/pom.xml
Suggested Safe Versions: 3.0alpha2
-Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.4-
CVE ID:
[CVE-2017-15718]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718]),
[CVE-2018-8029]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029]),
[CVE-2017-15713]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713]),
[CVE-2018-8009]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009])
Import Path: components/camel-hdfs/pom.xml, components/camel-hbase/pom.xml,
components/camel-spark/pom.xml
Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
Vulnerable Library Version: org.eclipse.jetty : jetty-server : 9.4.11.v20180605
CVE ID:
[CVE-2019-10247]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247])
Import Path: components/camel-solr/pom.xml
Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418,
9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120,
9.4.25.v20191220, 9.4.26.v20200117
-Vulnerable Library Version: mysql : mysql-connector-java : 8.0.15-
CVE ID:
[CVE-2019-2692]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2692])
Import Path: components/camel-debezium-mysql/pom.xml
Suggested Safe Versions: 8.0.16, 8.0.17, 8.0.18, 8.0.19
-Vulnerable Library Version: com.google.guava : guava : 14.0.1-
CVE ID:
[CVE-2018-10237]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237])
Import Path: components/camel-hbase/pom.xml
Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre,
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre,
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre,
28.1-android, 28.1-jre, 28.2-android, 28.2-jre
-Vulnerable Library Version: com.google.guava : guava : 19.0-
CVE ID:
[CVE-2018-10237]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237])
Import Path: components/camel-wordpress/pom.xml,
components/camel-gora/pom.xml, components/camel-ignite/pom.xml,
components/camel-guava-eventbus/pom.xml,
tooling/maven/camel-package-maven-plugin/pom.xml
Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre,
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre,
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre,
28.1-android, 28.1-jre, 28.2-android, 28.2-jre
-Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind :
2.6.7.1-
CVE ID:
[CVE-2017-17485]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485]),
[CVE-2020-8840]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840]),
[CVE-2019-20330]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330]),
[CVE-2019-12384]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384]),
[CVE-2019-14439]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439]),
[CVE-2018-19362]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362]),
[CVE-2018-11307]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307]),
[CVE-2018-14721]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721]),
[CVE-2018-14719]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719]),
[CVE-2018-7489]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489]),
[CVE-2019-17531]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531]),
[CVE-2019-12086]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086]),
[CVE-2017-15095]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095]),
[CVE-2018-14718]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718]),
[CVE-2019-16943]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943]),
[CVE-2019-12814]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814]),
[CVE-2018-19361]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361]),
[CVE-2018-19360]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360]),
[CVE-2018-14720]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720]),
[CVE-2019-16942]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942]),
[CVE-2017-7525]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525])
Import Path: components/camel-spark/pom.xml
Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
-Vulnerable Library Version: com.nimbusds : nimbus-jose-jwt : 4.13.1-
CVE ID:
[CVE-2019-17195]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195]),
[CVE-2017-12973]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12973]),
[CVE-2017-12974]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12974]),
[CVE-2017-12972]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12972])
Import Path: components/camel-elytron/pom.xml
Suggested Safe Versions: 7.8.1, 7.9, 8.0, 8.1, 8.2, 8.2.1, 8.3, 8.4, 8.4.1,
8.5, 8.5.1, 8.6, 8.7
-Vulnerable Library Version: org.apache.ws.security : wss4j : 1.6.8-
CVE ID:
[CVE-2015-0227]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0227]),
[CVE-2014-3623]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3623]),
[CVE-2015-0226]([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226])
Import Path: tests/camel-performance/pom.xml
Suggested Safe Versions: 1.6.17, 1.6.18, 1.6.19
> CVEs in the library dependencies
> --------------------------------
>
> Key: CAMEL-14640
> URL: https://issues.apache.org/jira/browse/CAMEL-14640
> Project: Camel
> Issue Type: Task
> Reporter: XuCongying
> Assignee: Andrea Cosentino
> Priority: Major
> Attachments: apache-camel_CVE-report.md
>
>
> Hi, I found that your project are using some vulnerable dependencies. To
> prevent potential risk it may cause, I suggest a library update. Here is the
> details:
> Vulnerable Library Version: com.squareup.okhttp3 : okhttp : 3.11.0
> CVE ID:
> [CVE-2018-20200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20200)
> Import Path: components/camel-jetty/pom.xml
> Suggested Safe Versions: 3.12.1, 3.12.2, 3.12.3, 3.12.4, 3.12.5, 3.12.6,
> 3.12.7, 3.12.8, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4,
> 3.14.5, 3.14.6, 4.0.0, 4.0.0-RC1, 4.0.0-RC2, 4.0.0-RC3, 4.0.0-alpha01,
> 4.0.0-alpha02, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0
> Vulnerable Library Version: org.apache.tomcat.embed : tomcat-embed-core :
> 8.5.0
> CVE ID:
> [CVE-2016-0762](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0762),
>
> [CVE-2017-5650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5650),
>
> [CVE-2016-6797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6797),
>
> [CVE-2017-5647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647),
>
> [CVE-2017-5664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664),
>
> [CVE-2017-12617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617),
>
> [CVE-2016-3092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092),
>
> [CVE-2019-0199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199),
>
> [CVE-2017-5648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648),
>
> [CVE-2019-10072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10072),
> [CVE-2017-5651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5651)
> Import Path: components/camel-servlet/pom.xml
> Suggested Safe Versions: 10.0.0-M1, 8.5.41, 8.5.42, 8.5.43, 8.5.45, 8.5.46,
> 8.5.47, 8.5.49, 8.5.50, 8.5.51, 9.0.27, 9.0.29, 9.0.30, 9.0.31
> Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.4.4
> CVE ID:
> [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678)
> Import Path: components/camel-spark/pom.xml
> Suggested Safe Versions: 2.4.5
> Vulnerable Library Version: org.apache.lucene : lucene-core : 3.6.0
> CVE ID:
> [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
> Import Path: components/camel-jcr/pom.xml
> Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2,
> 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1,
> 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0,
> 8.3.1, 8.4.0, 8.4.1
> Vulnerable Library Version: org.apache.logging.log4j : log4j-api : 2.7
> CVE ID:
> [CVE-2017-5645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645)
> Import Path: examples/camel-example-google-pubsub/pom.xml,
> examples/camel-example-kafka/pom.xml, examples/camel-example-debezium/pom.xml
> Suggested Safe Versions: 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1,
> 2.13.0, 2.8.2, 2.9.0, 2.9.1
> Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.4
> CVE ID:
> [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
> Import Path: components/camel-hdfs/pom.xml, components/camel-hbase/pom.xml,
> components/camel-hbase/pom.xml
> Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1
> Vulnerable Library Version: org.apache.logging.log4j : log4j-core : 2.7
> CVE ID:
> [CVE-2019-17571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571),
> [CVE-2017-5645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5645)
> Import Path: examples/camel-example-google-pubsub/pom.xml,
> examples/camel-example-kafka/pom.xml, examples/camel-example-debezium/pom.xml
> Suggested Safe Versions: 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1,
> 2.13.0, 2.8.2, 2.9.0, 2.9.1
> Vulnerable Library Version: org.asynchttpclient : async-http-client : 2.0.16
> CVE ID:
> [CVE-2017-14063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14063)
> Import Path: components/camel-websocket/pom.xml
> Suggested Safe Versions: 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40,
> 2.1.0, 2.1.0-RC1, 2.1.0-RC2, 2.1.0-RC3, 2.1.0-RC4, 2.1.0-alpha1,
> 2.1.0-alpha10, 2.1.0-alpha11, 2.1.0-alpha12, 2.1.0-alpha13, 2.1.0-alpha14,
> 2.1.0-alpha15, 2.1.0-alpha16, 2.1.0-alpha17, 2.1.0-alpha18, 2.1.0-alpha19,
> 2.1.0-alpha2, 2.1.0-alpha20, 2.1.0-alpha21, 2.1.0-alpha22, 2.1.0-alpha23,
> 2.1.0-alpha24, 2.1.0-alpha25, 2.1.0-alpha26, 2.1.0-alpha3, 2.1.0-alpha4,
> 2.1.0-alpha5, 2.1.0-alpha6, 2.1.0-alpha7, 2.1.0-alpha8, 2.1.0-alpha9, 2.1.1,
> 2.1.2, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.2.0, 2.2.1, 2.3.0,
> 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.5.0,
> 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.6.0, 2.7.0, 2.8.0, 2.8.1, 2.9.0
> Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1
> CVE ID:
> [CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577),
>
> [CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783),
> [CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
> Import Path: catalog/camel-catalog-maven/pom.xml,
> components/camel-elytron/pom.xml, components/camel-weather/pom.xml,
> components/camel-jetty/pom.xml, components/camel-netty-http/pom.xml,
> components/camel-spring-ws/pom.xml, components/camel-undertow/pom.xml,
> tests/camel-itest/pom.xml
> Suggested Safe Versions: 3.0alpha2
> Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.4
> CVE ID:
> [CVE-2017-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718),
>
> [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029),
>
> [CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713),
> [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
> Import Path: components/camel-hdfs/pom.xml, components/camel-hbase/pom.xml,
> components/camel-spark/pom.xml
> Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
> Vulnerable Library Version: org.eclipse.jetty : jetty-server :
> 9.4.11.v20180605
> CVE ID:
> [CVE-2019-10247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247)
> Import Path: components/camel-solr/pom.xml
> Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418,
> 9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120,
> 9.4.25.v20191220, 9.4.26.v20200117
> Vulnerable Library Version: mysql : mysql-connector-java : 8.0.15
> CVE ID:
> [CVE-2019-2692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2692)
> Import Path: components/camel-debezium-mysql/pom.xml
> Suggested Safe Versions: 8.0.16, 8.0.17, 8.0.18, 8.0.19
> Vulnerable Library Version: com.google.guava : guava : 14.0.1
> CVE ID:
> [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
> Import Path: components/camel-hbase/pom.xml
> Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android,
> 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android,
> 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android,
> 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
> Vulnerable Library Version: com.google.guava : guava : 19.0
> CVE ID:
> [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
> Import Path: components/camel-wordpress/pom.xml,
> components/camel-gora/pom.xml, components/camel-ignite/pom.xml,
> components/camel-guava-eventbus/pom.xml,
> tooling/maven/camel-package-maven-plugin/pom.xml
> Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android,
> 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android,
> 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android,
> 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
> Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind :
> 2.6.7.1
> CVE ID:
> [CVE-2017-17485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485),
>
> [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
>
> [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
>
> [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384),
>
> [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439),
>
> [CVE-2018-19362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362),
>
> [CVE-2018-11307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307),
>
> [CVE-2018-14721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721),
>
> [CVE-2018-14719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719),
>
> [CVE-2018-7489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489),
>
> [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531),
>
> [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086),
>
> [CVE-2017-15095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095),
>
> [CVE-2018-14718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718),
>
> [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
>
> [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814),
>
> [CVE-2018-19361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361),
>
> [CVE-2018-19360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360),
>
> [CVE-2018-14720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720),
>
> [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942),
> [CVE-2017-7525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525)
> Import Path: components/camel-spark/pom.xml
> Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3
> Vulnerable Library Version: com.nimbusds : nimbus-jose-jwt : 4.13.1
> CVE ID:
> [CVE-2019-17195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195),
>
> [CVE-2017-12973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12973),
>
> [CVE-2017-12974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12974),
>
> [CVE-2017-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12972)
> Import Path: components/camel-elytron/pom.xml
> Suggested Safe Versions: 7.8.1, 7.9, 8.0, 8.1, 8.2, 8.2.1, 8.3, 8.4, 8.4.1,
> 8.5, 8.5.1, 8.6, 8.7
>
> Vulnerable Library Version: org.apache.ws.security : wss4j : 1.6.8
> CVE ID:
> [CVE-2015-0227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0227),
>
> [CVE-2014-3623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3623),
> [CVE-2015-0226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226)
> Import Path: tests/camel-performance/pom.xml
> Suggested Safe Versions: 1.6.17, 1.6.18, 1.6.19
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
