Lucene search
K

7 matches found

NVD
NVD
added 13 hours ago7 views

CVE-2026-55994

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS
Exploits0References2
CVE
CVE
added 14 hours ago7 views

CVE-2026-55994

CVE-2026-55994 (Apache Camel Iggy) : The inbound Iggy consumer maps external user-headers into the Camel Exchange without a HeaderFilterStrategy, allowing an attacker publishing to the Iggy stream to inject Camel internal control headers (e.g., CamelHttpUri). This can redirect server-side HTTP re...

6AI score
Exploits0References2
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-46457 Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

Exploits0References1
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-41830

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

9.8CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-46453 Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-49754

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

8.2CVSS5.6AI score0.00384EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 9:42 a.m.6 views

EUVD-2026-25806

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

9.4CVSS5.3AI score0.00621EPSS
Exploits1References1
Rows per page
Query Builder