Apache camel-coap allows header injection that can lead to remote code execution

Apache Camel's camel-coap component is vulnerable to header injection because it maps CoAP request URI query parameters directly into Camel message headers without applying a HeaderFilterStrategy. An unauthenticated attacker can send a crafted CoAP request to inject arbitrary Camel internal heade...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting...

org.apache.camel.kafkaconnector:camel-coap-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-coap-tcp-kafka-connector (>=0.1.0 <=0.11.5) +9 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-coap (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-coap MAVEN version =3.0.0-M1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 Source cves: CVE-2026-40453 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321638...

org.apache.camel.kafkaconnector:camel-coap-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-coap-tcp-kafka-connector (>=0.1.0 <=0.11.5) +8 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-coap (>=3.0.0 <=4.14.5)

org.apache.camel:camel-coap MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.0.0, =4.14.5 Source cves: CVE-2026-40453 Source advisory: OSV:GHSA-JG2M-9X48-3GVJ...

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

PT-2026-35394

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.5 Apache Camel versions prior to 4.18.1 Apache Camel version 4.19.0 Description The camel-coap component is susceptible to message header injection. The CamelCoapResource.handleRequest function iterate...

org.apache.camel.karaf:camel-coap (>=4.7.0 <=4.18.2), org.apache.camel.quarkus:camel-quarkus-coap (>=3.8.0 <=3.36.0) +32 more potentially affected by CVE-2022-39368 via org.eclipse.californium:scandium (>=3.0.0 <=3.6.0)

org.eclipse.californium:scandium MAVEN version =3.0.0, =4.7.0, =3.8.0, =3.8.0, =3.8.0, =4.4.0, =4.4.0, =3.0.0, =3.0.0, =3.0.0, =3.12.0, =2.0.0, =2.0.0-M6, =2.0.0-M6, =2.0.0-M6, =2.0.0-M6, =2.0.0-M15 and more Source cves: CVE-2022-39368 Source advisory: OSV:GHSA-P72G-CGH9-GHJG...

com.github.xitren.fx:signal-ui-fx (>=1.5.2 <=1.7.10), nl.stijngroenen.tradfri:ikea-tradfri-api (>=1.0.0 <=1.2.0) +26 more potentially affected by CVE-2022-2576 via org.eclipse.californium:californium-core (>=2.0.0 <=2.7.2)

org.eclipse.californium:californium-core MAVEN version =2.0.0, =1.5.2, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.1.0, =3.1.0, =2.0.0, =2.0.0, =2.3.0, =2.7.2 and more Source cves: CVE-2022-2576 Source advisory:...

io.github.xiaomisum:ryze-coap (=6.1.0), org.apache.camel.karaf:camel-coap (>=4.7.0 <=4.18.2) +34 more potentially affected by CVE-2022-2576 via org.eclipse.californium:californium-core (>=3.0.0 <=3.5.0)

org.eclipse.californium:californium-core MAVEN version =3.0.0, =4.7.0, =3.8.0, =3.8.0, =3.8.0, =4.4.0, =4.4.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.12.0, =2.0.0, =2.0.0-M6, =2.0.0-M15 and more Source cves: CVE-2022-2576 Source advisory: OSV:GHSA-QQ3J-44GW-CF6R...