Description
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
Remediation
References
https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc
http://securitytracker.com/id/1032442
http://rhn.redhat.com/errata/RHSA-2015-1041.html
http://rhn.redhat.com/errata/RHSA-2015-1538.html
http://rhn.redhat.com/errata/RHSA-2015-1539.html
https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=1df559649a96a1ca0368373387e542f46e4820da
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
Related Vulnerabilities
CVE-2011-5245 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2023-30524 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2012-3544 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2014-8152 Vulnerability in maven package org.apache.santuario:xmlsec
CVE-2022-3916 Vulnerability in maven package org.keycloak:keycloak-services