CVE-2015-0264 – org.apache.camel:camel-core

Package

Manager: maven
Name: org.apache.camel:camel-core
Vulnerable Version: >=0 <2.13.4 || >=2.14.0 <2.14.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.02016 pctl0.83026

Details

Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Metadata

Created: 2018-10-16T23:09:15Z
Modified: 2022-11-17T19:39:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-mhx2-r3jx-g94c/GHSA-mhx2-r3jx-g94c.json
CWE IDs: []
Alternative ID: GHSA-mhx2-r3jx-g94c
Finding: F083
Auto approve: 1