2 matches found
CVE-2026-46585 Apache Camel Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search query
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header LuceneConstants.HEADERQUERY whose value was the plain string QUERY and RETURNLUCENEDOCS for...
CVE-2026-46585
The CVE describes an improper input validation/authorization bypass in the Apache Camel Lucene component. The root cause is that the Camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value is the plain string QUERY (and RETURN_LUCENE_DOCS f...