Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 5 days ago3 views

CVE-2026-46584

A flaw was found in the Apache Camel Mail Component. This vulnerability, due to improper input validation, allows a remote attacker to exploit routes that channel untrusted input into the mail producer without proper header stripping. Before version 4.19.0, this could lead to the redirection of...

7.5CVSS5.9AI score0.00378EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:2 a.m.6 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score0.00378EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:2 a.m.34 views

CVE-2026-46584 Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

0.00378EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/20 8:47 p.m.12 views

Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

9.4CVSS5.7AI score0.00621EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.10 views

Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

9.4CVSS5.7AI score0.00621EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/30 2:11 p.m.7 views

CVE-2026-33454

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

9.4CVSS5.4AI score0.00621EPSS
Exploits1References4
OSV
OSV
added 2026/04/27 12:30 p.m.6 views

GHSA-2VQF-X7G4-7C2G Apache Camel's Camel-Mail component is vulnerable to Camel message header injection

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

9.4CVSS5.8AI score0.00621EPSS
Exploits1References17
vulnersOsv
vulnersOsv
added 2026/04/27 12:30 p.m.9 views

io.automatiko.addons.services:automatiko-receive-email-addon (>=0.7.0 <=0.46.0), org.apache.camel.kafkaconnector:camel-imap-kafka-connector (>=0.1.0 <=0.11.5) +21 more potentially affected by CVE-2026-33454 via org.apache.camel:camel-mail (>=3.0.0 <=4.14.5)

org.apache.camel:camel-mail MAVEN version =3.0.0, =0.7.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.0.0, =3.25.0, =1.0.0, =1.0.0, =3.19.0, =3.27.3 and more Source cves: CVE-2026-33454https://...

9.4CVSS5.8AI score0.00621EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/04/27 12:30 p.m.8 views

Apache Camel's Camel-Mail component is vulnerable to Camel message header injection

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

9.4CVSS7.2AI score0.00621EPSS
Exploits1References17Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/27 11:13 a.m.7 views

io.automatiko.addons.services:automatiko-receive-email-addon (>=0.7.0 <=0.46.0), org.apache.camel.kafkaconnector:camel-imap-kafka-connector (>=0.1.0 <=0.11.5) +22 more potentially affected by CVE-2026-33454 via org.apache.camel:camel-mail (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-mail MAVEN version =3.0.0-M1, =0.7.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =0.2.0, =3.25.0, =0.2.0, =0.2.0, =3.19.0, =3.27.3 and more Source cves: CVE-2026-33454https...

9.4CVSS5.8AI score0.00621EPSS
Exploits1
Snyk
Snyk
added 2026/04/27 11:13 a.m.6 views

Deserialization of Untrusted Data

Overview org.apache.camel:camel-mail is a Camel Mail support. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MailHeaderFilterStrategy component. An attacker can execute arbitrary code or alter application behavior by injecting specially crafted MIME...

9.4CVSS6.1AI score0.00621EPSS
Exploits1References2
NVD
NVD
added 2026/04/27 10:16 a.m.9 views

CVE-2026-33454

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

9.4CVSS0.00621EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/27 9:42 a.m.44 views

CVE-2026-33454 Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

0.00621EPSS
Exploits1References1
CVE
CVE
added 2026/04/27 9:42 a.m.99 views

CVE-2026-33454

The CVE describes an inbound header filtering gap in Camel-Mail (MailHeaderFilterStrategy): inbound headers are not filtered, allowing attacker-delivered email to inject Camel-specific headers that can influence downstream components (e.g., camel-bean, camel-exec, camel-sql). Affected: Apache Cam...

9.4CVSS5.3AI score0.00621EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:42 a.m.4 views

CVE-2026-33454

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

6.5CVSS7AI score0.79817EPSS
Exploits5References2Affected Software1
EUVD
EUVD
added 2026/04/27 9:42 a.m.7 views

EUVD-2026-25806

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

9.4CVSS5.3AI score0.00621EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.12 views

Apache Camel 代码问题漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

9.4CVSS5.9AI score0.00621EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35384

Name of the Vulnerable Software and Affected Versions Camel-Mail affected versions not specified Description An issue exists in the Camel-Mail component where a missing inbound filter allows for message header injection. An attacker can send a specially crafted email to a mailbox monitored by a...

9.7CVSS5.8AI score0.00621EPSS
Exploits1References36
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0633

Malware in sbrugna...

5.3CVSS5.7AI score0.09847EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2018/12/04 4:0 p.m.194 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.2 security update

An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS7.6AI score0.21979EPSS
Exploits2References16
Rows per page
Query Builder