Description

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Remediation

References

http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc

http://secunia.com/advisories/57125

http://www.securityfocus.com/bid/65901

http://secunia.com/advisories/57716

http://rhn.redhat.com/errata/RHSA-2014-0371.html

http://secunia.com/advisories/57719

http://rhn.redhat.com/errata/RHSA-2014-0372.html

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

Related Vulnerabilities

CVE-2019-10062 Vulnerability in npm package aurelia-framework

CVE-2023-49375 Vulnerability in maven package com.jfinal:jfinal

CVE-2023-50101 Vulnerability in maven package com.jfinal:jfinal

CVE-2014-0050 Vulnerability in maven package commons-fileupload:commons-fileupload

CVE-2020-5243 Vulnerability in npm package uap-core

Severity

Critical

Classification

CWE-264

Tags

Exploit Vendor Advisory