Количество 5
Количество 5
CVE-2025-27636
Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method on the bean, than was coded in the application. In the camel-jms component, then a malicious header can be used to send the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component The attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are directly connected to the internet via HTTP, t...
CVE-2025-27636
Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method on the bean, than was coded in the application. In the camel-jms component, then a malicious header can be used to send the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component The attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are directly connected to the internet v
GHSA-2c2h-2855-mf97
Apache Camel: Camel Message Header Injection via Improper Filtering
BDU:2025-02723
Уязвимость компонента Default Header Filtering фреймворка Apache Camel, связанная с недостаточной проверкой регистра, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность защищаемой информации
BDU:2025-03703
Уязвимость компонента Header Handler java-фреймворка Apache Camel, позволяющая нарушителю оказать воздействие целостность и доступность защищаемой информации
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-27636 Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method on the bean, than was coded in the application. In the camel-jms component, then a malicious header can be used to send the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component The attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are directly connected to the internet via HTTP, t... | CVSS3: 6.3 | 52% Средний | 6 месяцев назад |
 | CVE-2025-27636 Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, to call another method on the bean, than was coded in the application. In the camel-jms component, then a malicious header can be used to send the message to another queue (on the same broker) than was coded in the application. This could also be seen by using the camel-exec component The attacker would need to inject custom headers, such as HTTP protocols. So if you have Camel applications that are directly connected to the internet v | CVSS3: 5.6 | 52% Средний | 6 месяцев назад |
| GHSA-2c2h-2855-mf97 Apache Camel: Camel Message Header Injection via Improper Filtering | 52% Средний | 6 месяцев назад | |
 | BDU:2025-02723 Уязвимость компонента Default Header Filtering фреймворка Apache Camel, связанная с недостаточной проверкой регистра, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность защищаемой информации | CVSS3: 5.6 | 52% Средний | 6 месяцев назад |
| BDU:2025-03703 Уязвимость компонента Header Handler java-фреймворка Apache Camel, позволяющая нарушителю оказать воздействие целостность и доступность защищаемой информации | CVSS3: 4.8 | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу