Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-06-03T20:00:00

Updated: 2024-08-06T04:03:10.739Z

Reserved: 2014-11-18T00:00:00

Link: CVE-2015-0264

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-06-03T20:59:04.403

Modified: 2024-11-21T02:22:41.013

Link: CVE-2015-0264

cve-icon Redhat

Severity : Moderate

Publid Date: 2015-03-17T00:00:00Z

Links: CVE-2015-0264 - Bugzilla