Skip to content

Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object

Moderate severity GitHub Reviewed Published Oct 16, 2018 to the GitHub Advisory Database • Updated Dec 19, 2023

Package

maven org.apache.camel:camel-core (Maven)

Affected versions

< 2.13.4
>= 2.14.0, < 2.14.2

Patched versions

2.13.4
2.14.2
Published to the GitHub Advisory Database Oct 16, 2018
Reviewed Jun 16, 2020
Last updated Dec 19, 2023

Severity

Moderate

EPSS score

0.334%
(72nd percentile)

Weaknesses

No CWEs

CVE ID

CVE-2015-0264

GHSA ID

GHSA-mhx2-r3jx-g94c

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.