9 matches found
ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)
org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...
org.apache.camel.kafkaconnector:camel-google-pubsub-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-google-pubsub-sink-kafka-connector (>=1.0.0 <=4.14.5) +13 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-google-pubsub (>=3.0.0-M1 <=4.14.5)
org.apache.camel:camel-google-pubsub MAVEN version =3.0.0-M1, =0.1.0, =1.0.0, =1.0.0, =3.19.0, =4.10.2, =0.9.0, =4.10.3, =4.10.3, =1.0.0, =1.0.0, =1.0.0, =1.5.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 - org.qubership.integration.platform:qip-e...
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting...
org.apache.camel.kafkaconnector:camel-google-pubsub-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-google-pubsub-sink-kafka-connector (>=1.0.0 <=4.14.5) +12 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-google-pubsub (>=3.0.0 <=4.14.5)
org.apache.camel:camel-google-pubsub MAVEN version =3.0.0, =0.1.0, =1.0.0, =1.0.0, =3.19.0, =4.10.2, =0.9.0, =4.10.3, =4.10.3, =1.0.0, =1.0.0, =1.0.0, =1.5.0, =3.0.0, =0.5.0, =0.5.2 Source cves: CVE-2026-40453https://vulners.com/cv...
CVE-2026-40453
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
CVE-2026-40453 Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
EUVD-2026-25791
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
CVE-2026-40453 Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Google PubSub nodes are vulnerable to arbitrary code execution due to [CVE-2023-36665]
Summary Node.js module protobuf.js is used by IBM App Connect Enterprise Certified Container by the Google PubSub node. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Google PubSub node are vulnerable to arbitrary code execution. This...