Описание
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.13.3 (включая)
Одно из
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02016
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
redhat
почти 11 лет назад
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
github
больше 7 лет назад
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
EPSS
Процентиль: 83%
0.02016
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other