Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.10 views

CVE-2026-49754

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:25 p.m.6 views

CVE-2026-47323

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...

9.9CVSS7.7AI score0.79817EPSS
Exploits4References2Affected Software1
Veracode
Veracode
added 2026/05/05 11:24 a.m.11 views

Header Injection

Apache Camel is vulnerable to Header Injection. The vulnerability is due to missing inbound header filtering in the MailHeaderFilterStrategy, which allows an attacker to inject malicious Camel-specific headers via email and manipulate downstream component behavior...

9.4CVSS5.8AI score0.00621EPSS
Exploits0References13Affected Software3
OSV
OSV
added 2026/04/27 12:30 p.m.4 views

GHSA-2VQF-X7G4-7C2G Apache Camel's Camel-Mail component is vulnerable to Camel message header injection

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

9.4CVSS5.8AI score0.00621EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:42 a.m.2 views

CVE-2026-33454

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

6.5CVSS7AI score0.79817EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2026/04/27 9:42 a.m.37 views

CVE-2026-33454 Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

0.00621EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 9:42 a.m.96 views

CVE-2026-33454

The CVE describes an inbound header filtering gap in Camel-Mail (MailHeaderFilterStrategy): inbound headers are not filtered, allowing attacker-delivered email to inject Camel-specific headers that can influence downstream components (e.g., camel-bean, camel-exec, camel-sql). Affected: Apache Cam...

9.4CVSS5.3AI score0.00621EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder