title | url | date | draft | type | cve | severity | summary | description | mitigation | credit | affected | fixed |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Apache Camel Security Advisory - CVE-2015-0263 | /security/CVE-2015-0263.html | 2015-06-03 09:59:02 -0700 | false | security-advisory | CVE-2015-0263 | MEDIUM | The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration. | The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration. | 2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade to 2.14.2. This patch will be included from Camel 2.15.0: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36 | This issue was discovered by Stephan Siano. | 2.13.0 up to 2.13.3, 2.14.0 up to 2.14.1 | 2.13.4, 2.14.2, 2.15.0 and newer |