Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oeDItcjNqeC1nOTRj
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
Permalink: https://github.com/advisories/GHSA-mhx2-r3jx-g94cJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oeDItcjNqeC1nOTRj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 4 years ago
Updated: 5 months ago
Identifiers: GHSA-mhx2-r3jx-g94c, CVE-2015-0264
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-0264
- https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc
- https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da
- https://github.com/advisories/GHSA-mhx2-r3jx-g94c
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
- http://rhn.redhat.com/errata/RHSA-2015-1041.html
- http://rhn.redhat.com/errata/RHSA-2015-1538.html
- http://rhn.redhat.com/errata/RHSA-2015-1539.html
- http://securitytracker.com/id/1032442
Affected Packages
maven:org.apache.camel:camel-core
Versions: >= 2.14.0, < 2.14.2, < 2.13.4Fixed in: 2.14.2, 2.13.4