The Apache Camel XSLT component will resolve entities in XML messages when transforming them using an xslt route. A remote attacker able to submit messages to an xslt route could use this flaw to read files accessible to the running application server and potentially perform other more advanced XXE attacks. Versions affected include Camel 2.11.0 to 2.11.3 and Camel 2.12.0 to 2.12.2.
fdf7091172d1b40b3ec4395b99eb19719f939f7a365eba05f6877cc447aea1a5