Description

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Remediation

References

https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc

http://securitytracker.com/id/1032442

http://rhn.redhat.com/errata/RHSA-2015-1041.html

http://rhn.redhat.com/errata/RHSA-2015-1538.html

http://rhn.redhat.com/errata/RHSA-2015-1539.html

https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=1df559649a96a1ca0368373387e542f46e4820da

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

Related Vulnerabilities

CVE-2022-34786 Vulnerability in maven package org.jenkins-ci.plugins:rich-text-publisher-plugin

CVE-2014-0095 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2023-37466 Vulnerability in maven package org.webjars.npm:vm2

CVE-2023-30543 Vulnerability in npm package @web3-react/coinbase-wallet

CVE-2015-1840 Vulnerability in maven package org.webjars.npm:jquery-ujs

Severity

Critical

Tags

Vendor Advisory NVD-CWE-Other