CVE-2015-0264.md

title: Apache Camel Security Advisory - CVE-2015-0264
url: /security/CVE-2015-0264.html
date: 2015-06-03 09:59:04 -0700
draft: false
type: security-advisory
cve: CVE-2015-0264
severity: MEDIUM
summary: The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration. The XML External Entity (XXE) will be resolved before the Exception is thrown.
description: The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration. The XML External Entity (XXE) will be resolved before the Exception is thrown.
mitigation: 2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade to 2.14.2. This patch will be included from Camel 2.15.0: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da
credit: This issue was discovered by Stephan Siano.
affected: 2.13.0 up to 2.13.3, 2.14.0 up to 2.14.1
fixed: 2.13.4, 2.14.2, 2.15.0 and newer
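
The summary's point that the external entity is resolved before the exception is thrown can be observed with the plain JDK JAXP parser. The following is an added example, not Camel's code and not the patch linked in the advisory; the class name, the constructed sample document and its placeholder system ID are assumptions, and the recording resolver returns empty content instead of reading anything.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XxeBeforeException {
    // Constructed sample: an external entity plus a missing close tag, so parsing must fail.
    static final String INVALID_XML =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE order [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>\n"
      + "<order><id>&ext;</id>";

    /** Parses INVALID_XML and returns the system IDs the parser asked to resolve. */
    static List<String> resolvedDuringParse(boolean hardened) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        if (hardened) {
            // Reject any DOCTYPE, so no entity declaration is ever processed.
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        }
        DocumentBuilder builder = dbf.newDocumentBuilder();
        List<String> seen = new ArrayList<>();
        // Record the lookup and hand back empty content instead of touching the file system.
        builder.setEntityResolver((publicId, systemId) -> {
            seen.add(systemId);
            return new InputSource(new StringReader(""));
        });
        try {
            builder.parse(new InputSource(new StringReader(INVALID_XML)));
            throw new IllegalStateException("sample was expected to fail parsing");
        } catch (SAXException expected) {
            // Both configurations end here; what differs is what happened first.
        }
        return seen;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default parser resolved:  " + resolvedDuringParse(false));
        System.out.println("hardened parser resolved: " + resolvedDuringParse(true));
    }
}
```

Both calls end in a parse exception, so a caller that only checks for the exception cannot tell whether the external lookup was attempted first; the recorded list is what shows the difference between the two configurations.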