CVE-2014-0003 — Apache Camel's XSLT component allows remote attackers to execute arbitrary Java

Description

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.

How to fix CVE-2014-0003

To remediate CVE-2014-0003, upgrade the affected package to a fixed version below.

Maven/org.apache.camel:camel-core—upgrade to 2.11.4 or later

Is CVE-2014-0003 being exploited?

Moderate — EPSS is 23.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

>= 2.11.0, < 2.11.4

References (16)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-0003
PATCHgithub.com/apache/camel
WEBcamel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc
WEBrhn.redhat.com/errata/RHSA-2014-0245.html
WEB