CVE-2015-0263: XXE in Apache Camel

June 3, 2015 (updated May 24, 2019)

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in this package allows remote attackers to read arbitrary files via an external entity in an SAXSource.

References

camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc?version=1&modificationDate=1426539178000&api=v2
camel.apache.org/security-advisories.html
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0263

Detect and mitigate CVE-2015-0263 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →