XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc
http://www.securitytracker.com/id/1032442
http://rhn.redhat.com/errata/RHSA-2015-1539.html