Skip to content

Apache Camel XML External Entity vulnerability

Moderate severity GitHub Reviewed Published Oct 16, 2018 to the GitHub Advisory Database • Updated Dec 19, 2023

Package

maven org.apache.camel:camel-core (Maven)

Affected versions

< 2.13.4
>= 2.14.0, < 2.14.2

Patched versions

2.13.4
2.14.2

Description

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

References

Published to the GitHub Advisory Database Oct 16, 2018
Reviewed Jun 16, 2020
Last updated Dec 19, 2023

Severity

Moderate

EPSS score

0.142%
(51st percentile)

Weaknesses

CVE ID

CVE-2015-0263

GHSA ID

GHSA-3hrc-f439-727g

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.