Package Instance

Read arbitrary files
The XSLT component in this package allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

XXE in Apache Camel
Multiple XML external entity (XXE) vulnerabilities in `builder/xml/XPathBuilder.java` in this package allow remote attackers to read arbitrary files via an external entity in an invalid XML String or GenericFile object in an XPath query.

XXE in Apache Camel
XML external entity (XXE) vulnerability in the XML converter setup in `converter/jaxp/XmlConverter.java` in this package allows remote attackers to read arbitrary files via an external entity in an SAXSource.

External method call in XSL stylesheets
The XSLT component in this package allows remote attackers to execute arbitrary Java methods via a crafted message.

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE
This package is vulnerable against SSRF via remote DTDs and XXE.

Path Traversal
Apache Camel's File is vulnerable to directory traversal.

Remote code execution via header field manipulation
This package allows remote attackers to execute arbitrary simple language expressions by including `$simple{}` in a CamelFileName message header to a `FILE` or `FTP` producer.