CVE-2015-0263

Description

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

How to fix CVE-2015-0263

To remediate CVE-2015-0263, upgrade the affected package to a fixed version below.

• Maven/org.apache.camel:camel-core—upgrade to 2.13.4 or later

Is CVE-2015-0263 being exploited?

Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.13.4

References (15)

• ADVISORYgithub.com/advisories/GHSA-3hrc-f439-727g
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-0263
• PATCHgithub.com/apache/camel
• WEBrhn.redhat.com/errata/RHSA-2015-1041.html
• WEBrhn.redhat.com