VYPR
Moderate severityNVD Advisory· Published Jun 3, 2015· Updated Jun 17, 2026

CVE-2015-0263

CVE-2015-0263

Description

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.camel:camel-coreMaven
< 2.13.42.13.4
org.apache.camel:camel-coreMaven
>= 2.14.0, < 2.14.22.14.2

Affected products

4
  • Apache/Camel3 versions
    cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*range: <=2.13.3
    • cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2.13.4

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.