Description

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-1041.html

http://rhn.redhat.com/errata/RHSA-2015-1538.html

http://rhn.redhat.com/errata/RHSA-2015-1539.html

http://securitytracker.com/id/1032442

https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc

https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=1df559649a96a1ca0368373387e542f46e4820da

https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Related Vulnerabilities

CVE-2013-6468 Vulnerability in maven package org.drools:drools-workbench-models-test-scenarios

CVE-2014-0050 Vulnerability in maven package commons-fileupload:commons-fileupload

CVE-2021-21655 Vulnerability in maven package org.jenkins-ci.plugins:p4

CVE-2020-24554 Vulnerability in maven package com.liferay.release.portal.bom

CVE-2022-45787 Vulnerability in maven package org.apache.james:apache-mime4j-storage

Severity

Critical

Tags

Vendor Advisory NVD-CWE-Other