79 matches found
GHSA-H2QV-FJ59-J46J vulnerabilities
Vulnerabilities for packages: knative-kafka-broker-fips, neo4j, knative-kafka-broker, apache-hop, apicurio-registry, keycloak-fips, apache-activemq-artemis, management-api-for-apache-cassandra-5.0, apache-hop-fips, pinot, request-9047-keycloak-fips, thingsboard, hono, celeborn, pinot-fips, zipkin...
CVE-2026-48059 vulnerabilities
Vulnerabilities for packages: knative-kafka-broker-fips, neo4j, knative-kafka-broker, apache-hop, apicurio-registry, keycloak-fips, apache-activemq-artemis, management-api-for-apache-cassandra-5.0, apache-hop-fips, pinot, request-9047-keycloak-fips, thingsboard, hono, celeborn, pinot-fips, zipkin...
Improper Validation of Unsafe Equivalence in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the CXF-RS or CXF-SOAP endpoints due to missing inbound filtering via setInFilterStartsWith. An attacker can execute arbitrary code and write files by injecting Camel-internal header...
org.apache.camel.k:camel-k-itests-knative (>=1.14.0 <=3.2.3), org.apache.camel.k:camel-k-itests-knative-consumer (>=1.14.0 <=3.2.3) +32 more potentially affected by CVE-2026-47323 via org.apache.camel:camel-knative (>=3.18.0 <=4.14.5)
org.apache.camel:camel-knative MAVEN version =3.18.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.2 and more Source cves: CVE-2026-47323 Source advisory:...
GHSA-8364-HFQJ-PWM6 Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
CVE-2026-47323
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
CVE-2026-47323 Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
EUVD-2026-30895
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
CVE-2026-47323
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
CVE-2026-47323 Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
Apache Camel 安全漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...
PT-2026-41898
Name of the Vulnerable Software and Affected Versions Apache Camel affected versions not specified Description An unauthenticated attacker can perform message header injection due to missing inbound filtering in the CxfRsHeaderFilterStrategy and Knative HeaderFilterStrategy implementations. This...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: fluent-operator, rabbitmq-cluster-operator, cert-exporter, cert-manager-cmctl, cephcsi-fips, dragonfly-operator-fips, kserve-modelmesh-serving, kubescape-server-fips, crossplane-provider-aws-vpc-fips, nfs-subdir-external-provisioner, local-static-provisioner-fips,...
GHSA-CM33-6792-R9FM vulnerabilities
Vulnerabilities for packages: s3proxy-fips, trino, druid, elasticsearch-fips, management-api-for-apache-cassandra-5.0, kafbat-ui, apache-nifi, s3proxy, spark-kubernetes-operator-fips, kafbat-ui-fips, strimzi-kafka-operator, kayenta, strimzi-kafka-operator-fips, spark-fips, flyway-fips,...
CVE-2026-42579 vulnerabilities
Vulnerabilities for packages: s3proxy-fips, trino, druid, elasticsearch-fips, management-api-for-apache-cassandra-5.0, kafbat-ui, apache-nifi, s3proxy, spark-kubernetes-operator-fips, kafbat-ui-fips, strimzi-kafka-operator, kayenta, strimzi-kafka-operator-fips, spark-fips, flyway-fips,...
CVE-2026-35554 vulnerabilities
Vulnerabilities for packages: druid, debezium-connector-informix, apache-nifi, logstash, strimzi-kafka-operator, debezium, strimzi-kafka-operator-fips, debezium-connector-vitess, debezium-connector-db2, opensearch, knative-kafka-broker, debezium-connector-ibmi, knative-kafka-broker-fips,...
GHSA-5QCV-4RPC-JP93 vulnerabilities
Vulnerabilities for packages: druid, debezium-connector-informix, apache-nifi, logstash, strimzi-kafka-operator, debezium, strimzi-kafka-operator-fips, debezium-connector-vitess, debezium-connector-db2, opensearch, knative-kafka-broker, debezium-connector-ibmi, knative-kafka-broker-fips,...
CVE-2026-32289 vulnerabilities
Vulnerabilities for packages: syft, prometheus-pushgateway, aws-node-termination-handler, cilium-cli, kafka-proxy, kubernetes-csi-driver-nfs, dapr, spicedb-operator, pulumi-language-java, snyk-cli, knative-client, swagger, gitlab-kas, kubernetes-csi-node-driver-registrar, golangci-lint,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: syft, prometheus-pushgateway, aws-node-termination-handler, cilium-cli, kafka-proxy, kubernetes-csi-driver-nfs, dapr, spicedb-operator, pulumi-language-java, snyk-cli, knative-client, swagger, gitlab-kas, kubernetes-csi-node-driver-registrar, golangci-lint,...