Description

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc

http://rhn.redhat.com/errata/RHSA-2014-0371.html

http://rhn.redhat.com/errata/RHSA-2014-0372.html

http://secunia.com/advisories/57125

http://secunia.com/advisories/57716

http://secunia.com/advisories/57719

http://www.securityfocus.com/bid/65901

https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Related Vulnerabilities

CVE-2016-5004 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14

CVE-2022-3143 Vulnerability in maven package org.wildfly.security:wildfly-elytron-password-impl

CVE-2022-36910 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search

CVE-2023-24434 Vulnerability in maven package org.jenkins-ci.plugins:ghprb

Severity

Critical

Classification

CWE-264

Tags

Exploit Vendor Advisory