GitHub Advisory DatabaseGHSA-2FW5-RVF2-JQ56Apache Camel's XSLT component allows remote attackers to read arbitrary files
0.358 Low
EPSS
Percentile
97.1%
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.camel:camel-core | lt | 2.12.3 | |
| org.apache.camel:camel-core | lt | 2.11.4 |
References
camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc
rhn.redhat.com/errata/RHSA-2014-0371.html
rhn.redhat.com/errata/RHSA-2014-0372.html
github.com/advisories/GHSA-2fw5-rvf2-jq56
github.com/apache/camel/commit/2ec54fa0c13ae65bdcccff764af081a79fcc05f
github.com/apache/camel/commit/341d4e6cca71c53c90962d1c3d45fc9e05cc50c6
github.com/apache/camel/commit/54b65c1d30848835f26bd138c0ba407bc1e560d
issues.apache.org/jira/browse/CAMEL-7129
lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2014-0002
web.archive.org/web/20200229061309/www.securityfocus.com/bid/65901
Related
