[[SecurityAdvisories]]
### 2017
link:security-advisories/CVE-2017-5643.txt.asc[CVE-2017-5643] - Apache
Camel's Validation Component is vulnerable to SSRF via remote DTDs
and XXE
link:security-advisories/CVE-2017-3159.txt.asc[CVE-2017-3159] - Apache
Camel's SnakeYAML unmarshalling operation is vulnerable to Remote Code
Execution attacks
### 2016
link:security-advisories/CVE-2016-8749.txt.asc[CVE-2016-8749] - Apache
Camel's Jackson and JacksonXML unmarshalling operations are vulnerable to
Remote Code Execution attacks
### 2015
link:security-advisories/CVE-2015-5344.txt.asc[CVE-2015-5344] - Apache
Camel's XStream usage is vulnerable to Remote Code Execution attacks.
link:security-advisories/CVE-2015-5348.txt.asc[CVE-2015-5348]
- Apache Camel's Jetty/Servlet usage is affected by a Java object
de-serialisation vulnerability.
link:security-advisories/CVE-2015-0264.txt.asc[CVE-2015-0264]
- The XPath handling in Apache Camel for invalid XML Strings or invalid
XML GenericFile objects allows remote attackers to read arbitrary files
via an XML External Entity (XXE) declaration. The XML External Entity
(XXE) will be resolved before the Exception is thrown.
link:security-advisories/CVE-2015-0263.txt.asc[CVE-2015-0263]
- The XML converter setup in Apache Camel allows remote attackers to
read arbitrary files via a SAXSource containing an XML External Entity
(XXE) declaration.
### 2014
link:security-advisories/CVE-2014-0003.txt.asc[CVE-2014-0003]
- The Apache Camel XSLT component allows XSL stylesheets to perform
calls to external Java methods.
link:security-advisories/CVE-2014-0002.txt.asc[CVE-2014-0002]
- The Apache Camel XSLT component will resolve entities in XML messages
when transforming them using an xslt route.
### 2013
link:security-advisories/CVE-2013-4330.txt.asc[CVE-2013-4330]
- Writing files using FILE or FTP components can potentially be
exploited by a malicious user.