It was found that apache camel-mail is vulnerable to path traversal vulnerability when in the position of receiving MUA. While camel-mail does not write the attachment to an arbitrary paths, it does not prevent user code from utilizing this functionality to be exposed to such vulnerability.
(In reply to Hooman Broujerdi from comment #1) > Acknowledgments: > > Name: Zoran Regvart (Red Hat) Minor correction, this was reported to Apache Camel by Shapira, Eedo (GE Digital).
Acknowledgments: Name: Eedo Shapira (GE Digital)
This issue has been addressed in the following products: Red Hat Fuse 7.2 Via RHSA-2018:3768 https://access.redhat.com/errata/RHSA-2018:3768
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-8041