The Camel PMC is pleased to announce the release of Apache Camel 3.7.3.
Apache Camel is an open source integration framework that empowers you
to quickly and easily integrate various systems consuming or producing
data.
This release is a patch release for the LTS 3.7.x branch that contains
36 bug

Description:
The default error page for VelocityView reflects back the vm file that
was entered as part of the URL. An attacker can set an XSS payload
file as this vm file in the URL, which results in this payload being
executed.
XSS vulnerabilities allow attackers to execute arbitrary JavaScript

Description:
An attacker that is able to modify Velocity templates may execute
arbitrary Java code or run arbitrary system commands with the same
privileges as the account running the Servlet container. This applies
to applications that allow untrusted users to upload/modify Velocity
templates ru