CVE-2019-0188 Apache Camel XML External Entity Injection Vulnerability – May 2019

Preface: The computing market is trending toward open source development, and open source is growing rapidly as a result. Believe it or not, just look at how many Apache servers are running now.

Apache Camel background: You can use MQ (message queues) to enable applications to communicate at different times and in many diverse computing environments. For the past decade this was the territory of well-known proprietary vendor products, until open source alternatives appeared, Apache Camel in particular. It plays a similar role; its capabilities may still be under development, but it is on the way and it is free.

Vulnerability details: A vulnerability in the camel-xmljson component of Apache Camel could allow an unauthenticated, remote attacker to conduct an XML external entity injection (XXE) attack on a targeted system. The vulnerability exists because the affected software uses an outdated, vulnerable JSON-lib library.

Remedy: The vendor has released software updates at the following link – https://camel.apache.org/download.html
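
As a triage aid for the remedy above, this added example (not part of the original post and not Apache Camel project code) scans a Maven POM for a directly declared dependency on camel-xmljson or JSON-lib and resolves `${...}` version properties. The function names and the sample POM are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Maven (groupId, artifactId) of the affected component and of JSON-lib.
WATCHED = {("org.apache.camel", "camel-xmljson"), ("net.sf.json-lib", "json-lib")}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's "{namespace}" prefix

def find_watched_dependencies(pom_text):
    """Return sorted (groupId, artifactId, version) tuples for watched artifacts."""
    # The scanner should not be XXE-prone itself: a POM has no need for a DTD.
    if "<!DOCTYPE" in pom_text or "<!ENTITY" in pom_text:
        raise ValueError("DTD/entity declarations are not accepted in a POM")
    root = ET.fromstring(pom_text)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in el})

    def resolve(value):
        # Expand ${name} references from <properties>; leave unknown ones as-is.
        return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

    hits = set()
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        coord = (fields.get("groupId", ""), fields.get("artifactId", ""))
        if coord in WATCHED:
            # No <version> means it is managed elsewhere (parent POM or BOM).
            hits.add(coord + (resolve(fields.get("version", "")) or "(inherited)",))
    return sorted(hits)

# Constructed sample POM, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><camel.version>0.0.0-EXAMPLE</camel.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.camel</groupId><artifactId>camel-xmljson</artifactId><version>${camel.version}</version></dependency>
    <dependency><groupId>org.apache.camel</groupId><artifactId>camel-core</artifactId><version>${camel.version}</version></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for group, artifact, version in find_watched_dependencies(SAMPLE_POM):
        print(f"{group}:{artifact}:{version}")
```

It only sees dependencies declared in the POM it is given; transitive ones appear in the output of `mvn dependency:tree`. Compare the reported version against the vendor's advisory.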