Child pages
  • Security Advisories
Skip to end of metadata
Go to start of metadata

2015

  • CVE-2015-0264 - The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration. The XML External Entity (XXE) will be resolved before the Exception is thrown.
  • CVE-2015-0263 - The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration.

2014

  • CVE-2014-0003 - The Apache Camel XSLT component allows XSL stylesheets to perform calls to external Java methods.
  • CVE-2014-0002 - The Apache Camel XSLT component will resolve entities in XML messages when transforming them using an xslt route.

2013

  • CVE-2013-4330 - Writing files using FILE or FTP components, can potentially be exploited by a malicious user.

 

  • No labels

0 Comments