Description

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-1041.html

http://rhn.redhat.com/errata/RHSA-2015-1538.html

http://rhn.redhat.com/errata/RHSA-2015-1539.html

http://securitytracker.com/id/1032442

https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc

https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=1df559649a96a1ca0368373387e542f46e4820da

https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Related Vulnerabilities

CVE-2019-10455 Vulnerability in maven package org.jenkins-ci.plugins:icescrum

CVE-2020-25633 Vulnerability in maven package org.jboss.resteasy:resteasy-client-api

CVE-2020-2167 Vulnerability in maven package com.openshift.jenkins:openshift-pipeline

CVE-2022-36902 Vulnerability in maven package com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter

CVE-2022-43424 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage

Severity

Critical

Tags

Vendor Advisory NVD-CWE-Other