Number of vulnerabilities: 1
Server applications / Frameworks for developing and running applications
This security bulletin contains one low-risk vulnerability.
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform an XXE attack.
The weakness exists due to improper handling of XML external entity (XXE) declarations by the XSD validation processor. A remote attacker can trick the victim into opening specially crafted XML content to read arbitrary files.
Mitigation
The vulnerability is addressed in versions 2.20.4 and 2.21.1.
Vulnerable software versions
Apache Camel: 2.20.0 - 2.21.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?