svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html

buildbot
Author: buildbot
Date: Fri May 24 09:19:51 2019
New Revision: 1045395

Log:
Production update by buildbot for camel

Added:
    websites/production/camel/content/security-advisories.data/CVE-2019-0188.txt.asc
Modified:
    websites/production/camel/content/cache/main.pageCache
    websites/production/camel/content/security-advisories.html

Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Added: websites/production/camel/content/security-advisories.data/CVE-2019-0188.txt.asc
==============================================================================
--- websites/production/camel/content/security-advisories.data/CVE-2019-0188.txt.asc (added)
+++ websites/production/camel/content/security-advisories.data/CVE-2019-0188.txt.asc Fri May 24 09:19:51 2019
@@ -0,0 +1,25 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Apache Camel versions prior to 2.24.0
+
+Description: Apache Camel provided contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
+
+Mitigation: Update to version 2.24.0
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+iQEcBAEBAgAGBQJc57YJAAoJEONOnzgC/0EAI1oIAITlFL/xUHp0rEn5WaRoCbGE
+49ZYJ2/bwK94se0KMhT5VqF6mYf1BWMSVzrczN+Qm8bEb1tQPDZFnTUe0hUjMN61
+tJpGK1UPCOUm3rBVSmrkbYclBVCBgxIEjfeP7SAtBXZSQ7/SHLBG8OQWRur7CPml
+6qtDt9WqIV0da9hJgP2n0YExqyfbCb0IZkvo23DWlzAHZ0LCVc7V/lDqGG1cWsZw
+gEMtUfbaz4533vr5+LgST3z7AbnMBpk2P29/9M7Z3wOxtS2Ne6aw/ooJfRh/HJ5k
+sw4jNQ/4txaha4BszSH9Ibdm0nMyzlmv0u8nONM0X2hhxasybMXIdPlTJh308BU=
+=w7Pn
+-----END PGP SIGNATURE-----

Modified: websites/production/camel/content/security-advisories.html
==============================================================================
--- websites/production/camel/content/security-advisories.html (original)
+++ websites/production/camel/content/security-advisories.html Fri May 24 09:19:51 2019
@@ -78,7 +78,7 @@
  <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><h3 id="SecurityAdvisories-2019">2019</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2019-0194.txt.asc?version=1&amp;modificationDate=1556620345000&amp;api=v2" data-linked-resource-id="113708792" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2019-0194.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2019-0194</a><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-cont
 ainer-version="20">&#160;</a>-&#160;Apache Camel's File is vulnerable to directory traversal</li></ul><h3 id="SecurityAdvisories-2018">2018</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2018-8041.txt.asc?version=1&amp;modificationDate=1536746339000&amp;api=v2" data-linked-resource-id="91554396" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8041.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2018-8041</a><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-li
 nked-resource-container-id="34833933" data-linked-resource-container-version="20">&#160;</a>-&#160;Apache Camel's Mail is vulnerable to path traversal</li><li><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2018-8027</a><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
 data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">&#160;</a>-&#160;Apache Camel's Core is vulnerable to XXE in XSD validation processor</li></ul><h3 id="SecurityAdvisories-2017">2017</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2017-12634.txt.asc?version=1&amp;modificationDate=1510733922000&amp;api=v2" data-linked-resource-id="74687198" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-12634.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2017-12634</a>&#160;- Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks</li><li><a shape="rect" href="security-advisories.data/CVE-2017-12633.txt.asc?version=1&amp;modificationDate=1510733921000&amp;api=v2" data-linked-resource-id="74687197" data-linked-resou
 rce-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-12633.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2017-12633</a>&#160;- Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks</li><li><a shape="rect" href="security-advisories.data/CVE-2017-5643.txt.asc?version=1&amp;modificationDate=1489652454000&amp;api=v2" data-linked-resource-id="68719271" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-5643.txt.asc" data-linked-resource-content-type="application/pgp-encrypted" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2017-5643</a>&#160;-&#160;Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE</li><li><a shape="rect" href="s
 ecurity-advisories.data/CVE-2017-3159.txt.asc?version=1&amp;modificationDate=1486565167000&amp;api=v2" data-linked-resource-id="67641933" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-3159.txt.asc" data-linked-resource-content-type="application/pgp-encrypted" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2017-3159</a>&#160;-&#160;Apache Camel's Snakeyaml unmarshalling operation is vulnerable to Remote Code Execution attacks</li></ul><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2016-8749.txt.asc?version=2&amp;modificationDate=1486565034000&amp;api=v2" data-linked-resource-id="67641927" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-8749.txt.asc" data-linked-resource-content-type="application/pgp-encrypted" data-linked-resource-container-id="348
 33933" data-linked-resource-container-version="20">CVE-2016-8749</a>&#160;-&#160;Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2015-5344.txt.asc?version=1&amp;modificationDate=1454056803000&amp;api=v2" data-linked-resource-id="61338184" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5344.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2015-5344</a>&#160;-&#160;Apache Camel's XStream usage is vulnerable&#160;to Remote Code Execution attacks.</li><li><a shape="rect" href="security-advisories.data/CVE-2015-5348.txt.asc?version=1&amp;modificationDate=1450340845000&amp;api=v2" data-linked-resource-id="61333112" data-linked
 -resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5348.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2015-5348</a> - Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability.</li><li><a shape="rect" href="security-advisories.data/CVE-2015-0264.txt.asc?version=1&amp;modificationDate=1426539191000&amp;api=v2" data-linked-resource-id="54165590" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-0264.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2015-0264</a> - The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects allows remote attacke
 rs to read arbitrary files via an XML External Entity (XXE) declaration. The XML External Entity (XXE) will be resolved before the Exception is thrown.</li><li><a shape="rect" href="security-advisories.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178000&amp;api=v2" data-linked-resource-id="54165589" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-0263.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2015-0263</a> - The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration.</li></ul><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-0003.txt.asc?version=1&amp;modificationDate=1393615582000&amp;api=v2" data-linked-resourc
 e-id="40009835" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0003.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2014-0003</a> - The Apache Camel XSLT component allows XSL stylesheets to perform calls to external Java methods.</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0002.txt.asc?version=1&amp;modificationDate=1393615569000&amp;api=v2" data-linked-resource-id="40009834" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0002.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2014-0002</a> - The Apache Camel XSLT component will resolve entities in XML messages when transformin
 g them using an xslt route.</li></ul><h3 id="SecurityAdvisories-2013">2013</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2013-4330.txt.asc?version=1&amp;modificationDate=1380633919000&amp;api=v2" data-linked-resource-id="35192841" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2013-4330.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="20">CVE-2013-4330</a> - Writing files using FILE or FTP components, can potentially be exploited by a malicious user.</li></ul><p><br clear="none"></p></div>
+<div class="wiki-content maincontent"><h3 id="SecurityAdvisories-2019">2019</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2019-0194.txt.asc?version=1&amp;modificationDate=1556620345000&amp;api=v2" data-linked-resource-id="113708792" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2019-0194.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2019-0188</a><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-cont
 ainer-version="22">&#160;</a>-&#160;Apache Camel-XMLJson vulnerable to XML external entity injection (XXE)</li><li><a shape="rect" href="security-advisories.data/CVE-2019-0194.txt.asc?version=1&amp;modificationDate=1556620345000&amp;api=v2" data-linked-resource-id="113708792" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2019-0194.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2019-0194</a><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933
 " data-linked-resource-container-version="22">&#160;</a>-&#160;Apache Camel's File is vulnerable to directory traversal</li></ul><h3 id="SecurityAdvisories-2018">2018</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2018-8041.txt.asc?version=1&amp;modificationDate=1536746339000&amp;api=v2" data-linked-resource-id="91554396" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8041.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2018-8041</a><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource-conten
 t-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">&#160;</a>-&#160;Apache Camel's Mail is vulnerable to path traversal</li><li><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2018-8027</a><a shape="rect" href="security-advisories.data/CVE-2018-8027.txt.asc?version=4&amp;modificationDate=1533020841000&amp;api=v2" data-linked-resource-id="89065844" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8027.txt.asc" data-nice-type="Text File" data-linked-resource
 -content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">&#160;</a>-&#160;Apache Camel's Core is vulnerable to XXE in XSD validation processor</li></ul><h3 id="SecurityAdvisories-2017">2017</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2017-12634.txt.asc?version=1&amp;modificationDate=1510733922000&amp;api=v2" data-linked-resource-id="74687198" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-12634.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2017-12634</a>&#160;- Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks</li><li><a shape="rect" href="security-advisories.data/CVE-2017-12633.txt.asc?version=1&amp;modificationDate=1510733921000&amp;api=v2" data-linked-resource-id="
 74687197" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-12633.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2017-12633</a>&#160;- Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks</li><li><a shape="rect" href="security-advisories.data/CVE-2017-5643.txt.asc?version=1&amp;modificationDate=1489652454000&amp;api=v2" data-linked-resource-id="68719271" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-5643.txt.asc" data-linked-resource-content-type="application/pgp-encrypted" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2017-5643</a>&#160;-&#160;Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE</li>
 <li><a shape="rect" href="security-advisories.data/CVE-2017-3159.txt.asc?version=1&amp;modificationDate=1486565167000&amp;api=v2" data-linked-resource-id="67641933" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-3159.txt.asc" data-linked-resource-content-type="application/pgp-encrypted" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2017-3159</a>&#160;-&#160;Apache Camel's Snakeyaml unmarshalling operation is vulnerable to Remote Code Execution attacks</li></ul><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2016-8749.txt.asc?version=2&amp;modificationDate=1486565034000&amp;api=v2" data-linked-resource-id="67641927" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-8749.txt.asc" data-linked-resource-content-type="application/pgp-encrypted" data-linked
 -resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2016-8749</a>&#160;-&#160;Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2015-5344.txt.asc?version=1&amp;modificationDate=1454056803000&amp;api=v2" data-linked-resource-id="61338184" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5344.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2015-5344</a>&#160;-&#160;Apache Camel's XStream usage is vulnerable&#160;to Remote Code Execution attacks.</li><li><a shape="rect" href="security-advisories.data/CVE-2015-5348.txt.asc?version=1&amp;modificationDate=1450340845000&amp;api=v2" data-linked-resourc
 e-id="61333112" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5348.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2015-5348</a> - Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability.</li><li><a shape="rect" href="security-advisories.data/CVE-2015-0264.txt.asc?version=1&amp;modificationDate=1426539191000&amp;api=v2" data-linked-resource-id="54165590" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-0264.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2015-0264</a> - The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile ob
 jects allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration. The XML External Entity (XXE) will be resolved before the Exception is thrown.</li><li><a shape="rect" href="security-advisories.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178000&amp;api=v2" data-linked-resource-id="54165589" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-0263.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2015-0263</a> - The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration.</li></ul><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-0003.txt.asc?version=1&amp;modificationDate=1393615582000&amp;
 api=v2" data-linked-resource-id="40009835" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0003.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2014-0003</a> - The Apache Camel XSLT component allows XSL stylesheets to perform calls to external Java methods.</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0002.txt.asc?version=1&amp;modificationDate=1393615569000&amp;api=v2" data-linked-resource-id="40009834" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-0002.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2014-0002</a> - The Apache Camel XSLT component will resolve entities in XM
 L messages when transforming them using an xslt route.</li></ul><h3 id="SecurityAdvisories-2013">2013</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2013-4330.txt.asc?version=1&amp;modificationDate=1380633919000&amp;api=v2" data-linked-resource-id="35192841" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2013-4330.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="22">CVE-2013-4330</a> - Writing files using FILE or FTP components, can potentially be exploited by a malicious user.</li></ul><p><br clear="none"></p></div>
         </td>
         <td valign="top">
           <div class="navigation">