Lucene search
K

5 matches found

NVD
NVD
added 5 hours ago4 views

CVE-2026-46585

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header LuceneConstants.HEADERQUERY whose value was the plain string QUERY and RETURNLUCENEDOCS for...

Exploits0References2
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-49099 Apache Camel Salesforce: Non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

Exploits0References1
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-46453 Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

Exploits0References1
CVE
CVE
added 6 hours ago5 views

CVE-2026-46453

Summary (CVE-2026-46453) : Apache Camel’s camel-elasticsearch-rest-client reads unprefixed HTTP header constants (SEARCH_QUERY, OPERATION, INDEX_NAME, INDEX_SETTINGS, ID). The inbound header filter only blocks headers starting with Camel/camel, so these headers bypass filtering and can be sent by...

6AI score
Exploits0References2
Prion
Prion
added 2013/12/07 12:55 a.m.40 views

Design/Logic Flaw

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

6.4CVSS7.1AI score0.05673EPSS
Exploits1References11Affected Software2
Rows per page
Query Builder