Apache Camel is prone to an XML External Entity vulnerability.
An attacker can exploit this issue to gain access to sensitive information from the application; this may lead to further attacks.
The following versions are affected:
- Apache Camel 2.20.0 through 2.20.3
- Apache Camel 2.21.0
Information
Apache Camel 2.20.3
Apache Camel 2.20.1
Apache Camel 2.20
Apache Camel 2.20.4
Exploit
An attacker can exploit this issue using readily available tools.
References:
- Apache Camel Home Page (Apache Software Foundation)
- XML Validator - Improve DTD handling (Apache)
- XML Validator: Improve DTD handling (Apache)
- CVE-2018-8027: Apache Camel's Core is vulnerable to XXE in XSD validation proces (Apache)