title: "Apache Camel Security Advisory - CVE-2015-0263"
url: /security/CVE-2015-0263.html
date: 2015-06-03T16:59:02.917000
draft: false
type: security-advisory
cve: CVE-2015-0263
severity: MEDIUM
summary: "The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration."
description: "The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration."
mitigation: "2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade to 2.14.2. This patch will be included from Camel 2.15.0: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36"
credit: "This issue was discovered by Stephan Siano."
affected: 2.13.0 up to 2.13.3, 2.14.0 up to 2.14.1
fixed: 2.13.4, 2.14.2, 2.15.0 and newer