Camel Dependency, Fixed in Akka 2.5.4
Description of Vulnerability
Apache Camel’s Validation Component is vulnerable against SSRF via remote DTDs and XXE, as described in CVE-2017-5643
To protect against such attacks the system should be updated to Akka 2.4.20, 2.5.4 or later. Dependencies to Camel libraries should be updated to version 2.17.7.
Severity
The CVSS score of this vulnerability is 7.4 (High), according to CVE-2017-5643.