- EPSS 7.09%
- Veröffentlicht 03.06.2015 20:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) Gener...
- EPSS 7.53%
- Veröffentlicht 03.06.2015 20:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
CVE-2014-0003
- EPSS 7.35%
- Veröffentlicht 21.03.2014 04:38:59
- Zuletzt bearbeitet 06.05.2026 22:30:45
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
CVE-2014-0002
- EPSS 32.54%
- Veröffentlicht 21.03.2014 04:38:59
- Zuletzt bearbeitet 06.05.2026 22:30:45
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an ...
CVE-2013-4330
- EPSS 8.52%
- Veröffentlicht 04.10.2013 17:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.