Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel prior to 2.13.4 and 2.14.x prior to 2.14.2 allow remote malicious users to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache camel 2.14.0 |
||
apache camel |
||
apache camel 2.14.1 |