GHSA-MHX2-R3JX-G94C Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object

Multiple XML external entity XXE vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML 1 String or 2 GenericFile object in an XPath query...