CVE-2015-0264 – Camel: XXE via XPath expression evaluation

https://notcve.org/view.php?id=CVE-2015-0264

01 Jun 2015 — Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. Múltiples vulnerabilidades de entidad externa XML (XXE) en builder/xml/XPathBuilder.java en Apache Camel anterior a 2.13.4 y 2.14.x anterior a 2.14.2 permiten a atacantes remotos leer ficheros arbitrarios a través de una entidad ... • http://rhn.redhat.com/errata/RHSA-2015-1041.html • CWE-611: Improper Restriction of XML External Entity Reference •