An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oeDItcjNqeC1nOTRj

Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object

Multiple XML external entity (XXE) vulnerabilities in builder/xml/ in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 5 years ago
Updated: 11 months ago

Identifiers: GHSA-mhx2-r3jx-g94c, CVE-2015-0264

Affected Packages

Versions: >= 2.14.0, < 2.14.2, < 2.13.4
Fixed in: 2.14.2, 2.13.4