CVE-2014-0002: Read arbitrary files

March 21, 2014 (updated May 24, 2019)

The XSLT component in this package allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0002
access.redhat.com/security/cve/CVE-2014-0002
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0002

Code Behaviors & Features

Detect and mitigate CVE-2014-0002 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →