Lucene search
K

8 matches found

CVE
CVE
added 11 hours ago7 views

CVE-2026-42527

Apache Camel CVE-2026-42527: A permissive default ObjectInputFilter pattern allows deserialization of java.net.* during deserialization of HashMap-like structures, triggering DNS lookups via URL keys. This creates an out-of-band information disclosure vector observable on attacker-controlled DNS ...

6AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/06/01 10:29 a.m.7 views

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (=1.3.0) +2 more potentially affected by CVE-2026-49157 via org.apache.activemq:apache-activemq (=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.activemq:apache-activemq and may be impacted: - org.apache.axis2:axis2-integration =1.4 - org.apache.camel:camel-example-cxf =1.3.0 -...

8.8CVSS5.4AI score0.00424EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.11 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

9.8CVSS6.4AI score0.00881EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/27 10:15 a.m.5 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting...

9.9CVSS6.2AI score0.0086EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/27 10:15 a.m.12 views

ca.islandora.alpaca:islandora-alpaca-app (>=2.0.0 <=2.2.0), ca.islandora.alpaca:islandora-connector-derivative (>=2.0.0 <=2.2.0) +82 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-jms (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-jms MAVEN version =3.0.0-M1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =3.0.0, =0.46, =0.3, =0.5, =0.1, =0.1, =1.0, =4.3.7.hyte-4307a, =4.3.7.hyte-4307a, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2026-40453 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321636...

9.9CVSS5.8AI score0.0086EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 10:14 a.m.6 views

ca.islandora.alpaca:islandora-alpaca-app (>=2.0.0 <=2.2.0), ca.islandora.alpaca:islandora-connector-derivative (>=2.0.0 <=2.2.0) +82 more potentially affected by CVE-2026-40860 via org.apache.camel:camel-jms (>=3.0.0-M1 <=4.14.6)

org.apache.camel:camel-jms MAVEN version =3.0.0-M1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =3.0.0, =0.46, =0.3, =0.5, =0.1, =0.1, =1.0, =4.3.7.hyte-4307a, =4.3.7.hyte-4307a, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2026-40860 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321536...

9.8CVSS5.8AI score0.00881EPSS
Exploits0
Snyk
Snyk
added 2026/04/27 10:14 a.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JmsBinding.extractBodyFromJms function in camel-jms and it's equivalents in camel-sjms that does not apply any ObjectInputFilter. An attacker can execute arbitrary code by sending a crafted JMS...

9.8CVSS6.2AI score0.00881EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/27 9:34 a.m.6 views

ca.islandora.alpaca:islandora-alpaca-app (>=2.0.0 <=2.2.0), ca.islandora.alpaca:islandora-connector-derivative (>=2.0.0 <=2.2.0) +79 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-jms (>=3.0.0 <=4.14.5)

org.apache.camel:camel-jms MAVEN version =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =3.0.0, =0.46, =0.3, =0.5, =0.1, =0.1, =1.0, =4.3.7.hyte-4307a, =4.3.7.hyte-4307a, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2026-40453 Source advisory: OSV:GHSA-JG2M-9X48-3GVJ...

9.9CVSS5.5AI score0.0086EPSS
Exploits0
Rows per page
Query Builder