Lucene search

K
osvGoogleOSV:GHSA-MHX2-R3JX-G94C
HistoryOct 16, 2018 - 11:09 p.m.

Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object

2018-10-1623:09:15
Google
osv.dev
14

0.007 Low

EPSS

Percentile

79.9%

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

References

0.007 Low

EPSS

Percentile

79.9%

Related for OSV:GHSA-MHX2-R3JX-G94C