GHSA-mhx2-r3jx-g94c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mhx2-r3jx-g94c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-mhx2-r3jx-g94c/GHSA-mhx2-r3jx-g94c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mhx2-r3jx-g94c
- Aliases
-
- CVE-2015-0264
- Published
- 2018-10-16T23:09:15Z
- Modified
- 2024-12-06T05:27:50.866225Z
- Summary
- Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
- Details
-
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:46:27Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-0264
- https://github.com/apache/camel/commit/7360aada5154434c68774aa30e0f21ddc5f27b9f
- https://github.com/apache/camel/commit/b47b51a195b38e7ab7c099d19910af70a16638f6
- https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc
- https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da
- https://github.com/advisories/GHSA-mhx2-r3jx-g94c
- https://github.com/apache/camel
- https://issues.apache.org/jira/browse/CAMEL-8312
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
- http://rhn.redhat.com/errata/RHSA-2015-1041.html
- http://rhn.redhat.com/errata/RHSA-2015-1538.html
- http://rhn.redhat.com/errata/RHSA-2015-1539.html
- http://securitytracker.com/id/1032442
Affected packages
Maven / org.apache.camel:camel-core
Package
- Name
- org.apache.camel:camel-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.13.4
Affected versions
1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
2.*
2.0-M1
2.0-M2
2.0-M3
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.9.0-RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.13.1
2.13.2
2.13.3
Maven / org.apache.camel:camel-core
Package
- Name
- org.apache.camel:camel-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.camel/camel-core