Launchpad.net

CVE 2014-3629

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.

See the CVE page on Mitre.org for more details.