Moderate severityNVD Advisory· Published Jun 3, 2015· Updated May 6, 2026

CVE-2015-0263

Description

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.camel:camel-coreMaven	< 2.13.4	2.13.4
org.apache.camel:camel-coreMaven	>= 2.14.0, < 2.14.2	2.14.2

Affected products

Apache/Camel3 versions
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*range: <=2.13.3
- cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*

Patches

367d53e73c8b

https://github.com/apache/camelvia ghsa

commit

7d19340bcdb4

https://github.com/apache/camelvia ghsa

commit

06db9e0744f2

https://github.com/apache/camelvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

www.securitytracker.com/id/1032442nvdThird Party AdvisoryVDB EntryWEB
camel.apache.org/security-advisories.data/CVE-2015-0263.txt.ascnvdVendor AdvisoryWEB
github.com/advisories/GHSA-3hrc-f439-727gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-0263ghsaADVISORY
rhn.redhat.com/errata/RHSA-2015-1041.htmlnvdRelease NotesWEB
rhn.redhat.com/errata/RHSA-2015-1538.htmlnvdRelease NotesWEB
rhn.redhat.com/errata/RHSA-2015-1539.htmlnvdWEB
git-wip-us.apache.org/repos/asfghsaWEB
github.com/apache/camel/commit/06db9e0744f2bb9f6e3bf16c0dfe7099a3481558ghsaWEB
github.com/apache/camel/commit/367d53e73c8b5a1e73c24423e631709f9a96e08dghsaWEB
github.com/apache/camel/commit/7d19340bcdb42f7aae584d9c5003ac4f7ddaee36ghsaWEB
issues.apache.org/jira/browse/CAMEL-8312ghsaWEB
lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3EghsaWEB
lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3EghsaWEB
git-wip-us.apache.org/repos/asfnvd
lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3Envd
lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3Envd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.002
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000