LATEST RELEASE: 24.05 — Zero Trust, DB Sharding, Java 21, Rust Support, and More. Read Release Notes

Camel Dependency, Fixed in Akka 2.5.4


August 2017-08-09

Description of Vulnerability

Apache Camel’s Validation Component is vulnerable against SSRF via remote DTDs and XXE, as described in CVE-2017-5643

To protect against such attacks the system should be updated to Akka 2.4.20, 2.5.4 or later. Dependencies to Camel libraries should be updated to version 2.17.7.


The CVSS score of this vulnerability is 7.4 (High), according to CVE-2017-5643.

Affected Versions

Fixed Versions

We have prepared patches for the affected versions, and have released the following versions which resolve the issue:


We would like to thank Thomas Szymanski for bringing this issue to our attention.