First published: Wed Jun 03 2015(Updated: )
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Camel | <=2.13.3 | |
Apache Camel | =2.14.0 | |
Apache Camel | =2.14.1 | |
maven/org.apache.camel:camel-core | >=2.14.0<2.14.2 | 2.14.2 |
maven/org.apache.camel:camel-core | <2.13.4 | 2.13.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.