Lucene search
K

982 matches found

CVE
CVE
added 2026/05/12 1:58 p.m.17 views

CVE-2026-5061

The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...

4.7CVSS5.8AI score0.00109EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-40036

Name of the Vulnerable Software and Affected Versions consul-template versions prior to 0.42.0 Description A sandbox path bypass exists in the file template helper, which may allow an attacker to read files located outside of the intended sandbox directory. Recommendations Update to version 0.42....

4.7CVSS5.8AI score0.00109EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/10 1:11 a.m.8 views

SUSE CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

5.8CVSS7.1AI score0.00725EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/10 1:11 a.m.5 views

SUSE CVE-2024-10006

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...

5.8CVSS7.1AI score0.00473EPSS
Exploits0References5
Veracode
Veracode
added 2026/05/04 8:43 a.m.13 views

Deserialization Of Untrusted Data

Apache Camel is vulnerable to Unsafe Deserialization. The vulnerability is due to deserialization of untrusted data in ConsulRegistryUtils.deserialize using ObjectInputStream.readObject without applying an ObjectInputFilter, allowing attackers with write access to the Consul KV store to inject...

8.8CVSS6.1AI score0.00667EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/27 12:30 p.m.11 views

Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

8.8CVSS6.3AI score0.00667EPSS
Exploits1References10Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/27 12:30 p.m.6 views

org.apache.camel.kafkaconnector:camel-consul-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-consul (>=4.10.3 <=4.14.5) +7 more potentially affected by CVE-2026-27172 via org.apache.camel:camel-consul (>=3.0.0 <=4.14.5)

org.apache.camel:camel-consul MAVEN version =3.0.0, =0.1.0, =4.10.3, =4.10.3, =1.0.0, =1.0.0, =1.0.0, =4.10.0, =3.0.0, =4.14.5 - org.wildfly.camel:wildfly-camel-itests-standalone-docker =12.0.0 Source cves: CVE-2026-27172 Source advisory: OSV:GHSA-5RC6-9QFP-8VWG...

8.8CVSS5.8AI score0.00667EPSS
Exploits1
OSV
OSV
added 2026/04/27 12:30 p.m.13 views

GHSA-5RC6-9QFP-8VWG Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

6.3CVSS6.3AI score0.00667EPSS
Exploits1References10
vulnersOsv
vulnersOsv
added 2026/04/27 12:14 p.m.8 views

org.apache.camel.kafkaconnector:camel-consul-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-consul (>=4.10.3 <=4.14.5) +8 more potentially affected by CVE-2026-27172 via org.apache.camel:camel-consul (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-consul MAVEN version =3.0.0-M1, =0.1.0, =4.10.3, =4.10.3, =1.0.0, =1.0.0, =1.0.0, =4.10.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 - org.wildfly.camel:wildfly-camel-itests-standalone-docker =12.0.0 Source cves: CVE-2026-27172 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321641...

8.8CVSS5.8AI score0.00667EPSS
Exploits1
Snyk
Snyk
added 2026/04/27 12:14 p.m.9 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ConsulRegistryUtils.deserialize method which fails to without apply an ObjectInputFilter. An attacker can execute arbitrary code by injecting a malicious serialized Java object into the Consul K...

8.8CVSS6.1AI score0.00667EPSS
Exploits1References2
NVD
NVD
added 2026/04/27 11:16 a.m.8 views

CVE-2026-27172

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

8.8CVSS0.00667EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/27 9:59 a.m.35 views

CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

0.00667EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/27 9:59 a.m.12 views

CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

6.2AI score0.00667EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:59 a.m.8 views

CVE-2026-27172

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

9.8CVSS8.6AI score0.01145EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2026/04/27 9:59 a.m.31 views

CVE-2026-27172

CVE-2026-27172 affects Apache Camel, Camel-Catalog: the ConsulRegistry reads Java-serialized values from the Consul KV store and deserializes them via ObjectInputStream.readObject() without an ObjectInputFilter. An attacker with write access to the backing KV store can inject a malicious serializ...

8.8CVSS6.3AI score0.00667EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

Apache Camel 代码问题漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...

8.8CVSS6.1AI score0.00667EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.17 views

PT-2026-35393

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

6.2AI score0.00667EPSS
Exploits1References2
Chainguard
Chainguard
added 2026/04/25 7:17 p.m.5 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: tekton-pipelines-fips, buildah, net-kourier, haproxy-ingress, gitlab-workhorse-ce, falco-no-driver, crossplane-provider-aws-wafv2-fips, crossplane-provider-aws-elbv2-fips, cert-manager-openshift-routes-fips, crossplane-provider-azure-purview,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.8 views

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: gitlab-kas, k9s, eksctl, argocd-image-updater, kubescape, kubeflow-pipelines, aws-node-termination-handler, vcluster, rancher-agent, cilium, kubernetes, datadog-agent, docker-cli-buildx, rancher-fleet, verticadb-operator, jitsucom-bulker, argo-cd, k3s,...

8.7CVSS5.9AI score0.00656EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.9 views

GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: gitlab-kas, k9s, eksctl, argocd-image-updater, kubescape, kubeflow-pipelines, aws-node-termination-handler, vcluster, rancher-agent, cilium, kubernetes, datadog-agent, docker-cli-buildx, rancher-fleet, verticadb-operator, jitsucom-bulker, argo-cd, k3s,...

5.9AI score
Exploits0
Rows per page
Query Builder