982 matches found
CVE-2026-5061
The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...
PT-2026-40036
Name of the Vulnerable Software and Affected Versions consul-template versions prior to 0.42.0 Description A sandbox path bypass exists in the file template helper, which may allow an attacker to read files located outside of the intended sandbox directory. Recommendations Update to version 0.42....
SUSE CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
SUSE CVE-2024-10006
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...
Deserialization Of Untrusted Data
Apache Camel is vulnerable to Unsafe Deserialization. The vulnerability is due to deserialization of untrusted data in ConsulRegistryUtils.deserialize using ObjectInputStream.readObject without applying an ObjectInputFilter, allowing attackers with write access to the Consul KV store to inject...
Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
org.apache.camel.kafkaconnector:camel-consul-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-consul (>=4.10.3 <=4.14.5) +7 more potentially affected by CVE-2026-27172 via org.apache.camel:camel-consul (>=3.0.0 <=4.14.5)
org.apache.camel:camel-consul MAVEN version =3.0.0, =0.1.0, =4.10.3, =4.10.3, =1.0.0, =1.0.0, =1.0.0, =4.10.0, =3.0.0, =4.14.5 - org.wildfly.camel:wildfly-camel-itests-standalone-docker =12.0.0 Source cves: CVE-2026-27172 Source advisory: OSV:GHSA-5RC6-9QFP-8VWG...
GHSA-5RC6-9QFP-8VWG Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
org.apache.camel.kafkaconnector:camel-consul-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-consul (>=4.10.3 <=4.14.5) +8 more potentially affected by CVE-2026-27172 via org.apache.camel:camel-consul (>=3.0.0-M1 <=4.14.5)
org.apache.camel:camel-consul MAVEN version =3.0.0-M1, =0.1.0, =4.10.3, =4.10.3, =1.0.0, =1.0.0, =1.0.0, =4.10.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 - org.wildfly.camel:wildfly-camel-itests-standalone-docker =12.0.0 Source cves: CVE-2026-27172 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321641...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ConsulRegistryUtils.deserialize method which fails to without apply an ObjectInputFilter. An attacker can execute arbitrary code by injecting a malicious serialized Java object into the Consul K...
CVE-2026-27172
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
CVE-2026-27172
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
CVE-2026-27172
CVE-2026-27172 affects Apache Camel, Camel-Catalog: the ConsulRegistry reads Java-serialized values from the Consul KV store and deserializes them via ObjectInputStream.readObject() without an ObjectInputFilter. An attacker with write access to the backing KV store can inject a malicious serializ...
Apache Camel 代码问题漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...
PT-2026-35393
The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: tekton-pipelines-fips, buildah, net-kourier, haproxy-ingress, gitlab-workhorse-ce, falco-no-driver, crossplane-provider-aws-wafv2-fips, crossplane-provider-aws-elbv2-fips, cert-manager-openshift-routes-fips, crossplane-provider-azure-purview,...
CVE-2026-35469 vulnerabilities
Vulnerabilities for packages: gitlab-kas, k9s, eksctl, argocd-image-updater, kubescape, kubeflow-pipelines, aws-node-termination-handler, vcluster, rancher-agent, cilium, kubernetes, datadog-agent, docker-cli-buildx, rancher-fleet, verticadb-operator, jitsucom-bulker, argo-cd, k3s,...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: gitlab-kas, k9s, eksctl, argocd-image-updater, kubescape, kubeflow-pipelines, aws-node-termination-handler, vcluster, rancher-agent, cilium, kubernetes, datadog-agent, docker-cli-buildx, rancher-fleet, verticadb-operator, jitsucom-bulker, argo-cd, k3s,...