CVE-2014-0003 – org.apache.camel:camel-core

Package

Manager: maven
Name: org.apache.camel:camel-core
Vulnerable Version: >=2.11.0 <2.11.4 || >=2.12.0 <2.12.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.28969 pctl0.96406

Details

Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.

Metadata

Created: 2018-10-16T23:13:49Z
Modified: 2023-02-15T22:19:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-h6rp-8v4j-hwph/GHSA-h6rp-8v4j-hwph.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-h6rp-8v4j-hwph
Finding: F096
Auto approve: 1