Moderate severityNVD Advisory· Published Jun 3, 2015· Updated Jun 17, 2026
CVE-2015-0264
CVE-2015-0264
Description
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.camel:camel-coreMaven | < 2.13.4 | 2.13.4 |
org.apache.camel:camel-coreMaven | >= 2.14.0, < 2.14.2 | 2.14.2 |
Affected products
4Patches
Vulnerability mechanics
References
16- camel.apache.org/security-advisories.data/CVE-2015-0264.txt.ascnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-mhx2-r3jx-g94cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-0264ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2015-1041.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2015-1538.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2015-1539.htmlnvdWEB
- securitytracker.com/id/1032442nvdWEB
- git-wip-us.apache.org/repos/asfghsaWEB
- github.com/apache/camel/commit/7360aada5154434c68774aa30e0f21ddc5f27b9fghsaWEB
- github.com/apache/camel/commit/b47b51a195b38e7ab7c099d19910af70a16638f6ghsaWEB
- issues.apache.org/jira/browse/CAMEL-8312ghsaWEB
- lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3EghsaWEB
- git-wip-us.apache.org/repos/asfnvd
- lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3Envd
- lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3Envd
News mentions
0No linked articles in our index yet.