The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration.
Versions affected
2.13.0 up to 2.13.3, 2.14.0 up to 2.14.1
Versions fixed
2.13.4, 2.14.2, 2.15.0 and newer
Description
The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration.
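The following is an added example, not Camel's code and not the change shipped in the fixed versions: a check of how a `SAXSource` carrying an external entity is handled when it is converted to DOM, first with no reader attached and then with a hardened `XMLReader`. The class name, helper names and the temp file are constructed for illustration, and JDK 11 or newer is assumed.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.sax.SAXSource;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

public class SaxSourceXxeCheck {  // hypothetical class name

    // Build an XMLReader that refuses DOCTYPE declarations and external entities.
    static XMLReader hardenedReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return f.newSAXParser().getXMLReader();
    }

    // Convert a SAXSource to DOM; return its text content or the rejection reason.
    static String convert(SAXSource source) {
        try {
            DOMResult out = new DOMResult();
            TransformerFactory.newInstance().newTransformer().transform(source, out);
            return "parsed: " + out.getNode().getTextContent();
        } catch (Exception e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temp file standing in for a sensitive local file.
        Path secret = Files.createTempFile("xxe-demo", ".txt");
        Files.writeString(secret, "LOCAL-FILE-CONTENT");
        String xml = "<!DOCTYPE d [<!ENTITY e SYSTEM \"" + secret.toUri() + "\">]><d>&e;</d>";
        // No reader attached: the consumer builds a parser with its own defaults.
        System.out.println(convert(new SAXSource(new InputSource(new StringReader(xml)))));
        // Hardened reader attached: the DOCTYPE is refused before any entity is resolved.
        System.out.println(convert(new SAXSource(hardenedReader(),
                new InputSource(new StringReader(xml)))));
        Files.delete(secret);
    }
}
```

If the first line of output contains `LOCAL-FILE-CONTENT`, the default parser on that JDK resolves external entities, which is the behaviour this advisory describes; the second line should always start with `rejected:`.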