Apache · Apache Camel · CVE-2017-5643
**Name of the Vulnerable Software and Affected Versions**
Apache Camel versions prior to 2.17.6
Apache Camel versions prior to 2.18.3
**Description**
The Validation Component of Apache Camel is susceptible to Server-Side Request Forgery (SSRF) attacks via remote DTDs and XML External Entities (XXE) due to its evaluation of DTD headers in XML stream sources. This issue does not affect SAX or StAX sources.
**Recommendations**
For Apache Camel version 2.17.x, upgrade to version 2.17.6.
For Apache Camel version 2.18.x, upgrade to version 2.18.3.