Lucene search
K

35547 matches found

Snyk
Snyk
added 2026/07/06 12:40 p.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the filter process. An attacker can bypass intended security restrictions by supplying specially crafted argument headers that are not properly validated...

7.3CVSS6AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.iotdb:iotdb-server is a data management system for time series data, which can provide users specific services, such as, data collection, storage and analysis. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the...

8.7CVSS6AI score0.00546EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the logging process when the DEBUG loglevel is enabled. An attacker can access sensitive information, such as API keys or LLM response data, by reading log files generated under these conditions. This is only...

7CVSS6AI score0.00119EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the logging process when the DEBUG loglevel is enabled. An attacker can access sensitive information, such as API keys or LLM response data, by reading log files generated under these conditions. This is only...

7CVSS6AI score0.00119EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through deserializeMetadata when it reads key metadata from AWS Secrets Manager. An attacker who can write the secret that holds the PQC key metadata can supply a crafted Base64-encoded Java serializati...

9.8CVSS6.6AI score0.00691EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview org.apache.camel:camel-netty is a Netty component for Apache Camel. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload th...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview org.apache.camel:camel-netty-http is a versatile open-source integration framework based on known Enterprise Integration Patterns. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the default ObjectInputFilter. An attacker can trigger DNS-based information disclosure by sending a Java-serialized payload that deserializes into a collection such as HashMap containing...

8.7CVSS6.1AI score0.00546EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the ElasticSearchRestClientConstant header names and ElasticsearchRestClientEndpointBuilderFactory producer headers. An attacker can override the Elasticsearch query, operation, index...

6.9CVSS6.1AI score0.00451EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.6 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the DoclingProducer custom CLI argument handling in camel-docling. An attacker can pass untrusted values through the CamelDoclingCustomArguments header to make the producer append unintended docling flag...

9.1CVSS6.1AI score0.01569EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the managed Hazelcast instance creation paths in HazelcastDefaultComponentgetOrCreateHzInstance, HazelcastUtilnewInstance, HazelcastAggregationRepositorydoStart, and...

9.2CVSS6.5AI score0.00804EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ObjectInputFilter VertxHttpHelper.deserializeJavaObjectFromStream and NettyHttpHelper.deserializeJavaObjectFromStream. An attacker can achieve remote code execution on a Camel application host b...

9.2CVSS6.5AI score0.00724EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Deserialization of Untrusted Data

Overview org.apache.camel:camel-netty-http is a versatile open-source integration framework based on known Enterprise Integration Patterns. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ObjectInputFilter VertxHttpHelper.deserializeJavaObjectFromStre...

9.2CVSS6.5AI score0.00724EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation in certain Thrift RPC query handlers, which do not strictly validate the sessionId parameter. An attacker can read time-series data without authenticating by sending query requests carrying a forged sessionId, which t...

9.1CVSS6AI score0.00471EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

User Impersonation

Overview org.apache.iotdb:iotdb-server is a data management system for time series data, which can provide users specific services, such as, data collection, storage and analysis. Affected versions of this package are vulnerable to User Impersonation in certain Thrift RPC query handlers, which do...

9.1CVSS6AI score0.00471EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Directory Traversal

Overview org.apache.iotdb:iotdb-server is a data management system for time series data, which can provide users specific services, such as, data collection, storage and analysis. Affected versions of this package are vulnerable to Directory Traversal in the DataNode internal RPC interface for...

9.8CVSS6.5AI score0.00509EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through Sqs2HeaderFilterStrategy. An attacker can inject Camel control headers into an SQS message by sending message attributes such as CamelHttpUri, CamelFileName, or CamelSqlQuery to a consumed queue. Those...

9.8CVSS6.1AI score0.00472EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the DataNode internal RPC interface for creating Trigger instances, which builds a file path from the uploaded Trigger JAR name without sufficient validation. An attacker can write arbitrary files with the...

9.8CVSS6.5AI score0.00509EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through CometdBinding.populateExchangeFromMessage in camel-cometd. An attacker can inject Camel control headers into a CometD message by supplying an ext.CamelHeaders map when publishing to a CometD endpoint. T...

9.8CVSS6.1AI score0.00487EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the NatsConsumer process. An attacker can manipulate downstream producer behavior by injecting arbitrary control headers into messages published to the...

7.5CVSS6.1AI score0.00423EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via KeycloakSecurityHelper.parseAndVerifyAccessToken in the camel-keycloak component. An attacker can authenticate with an expired or not-yet-valid access token by sending a signed token to code paths tha...

9.8CVSS6.2AI score0.00411EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deserializeMetadata paths in AwsSecretsManagerKeyLifecycleManager, HashicorpVaultKeyLifecycleManager, and the legacy metadata migration path in FileBasedKeyLifecycleManager. An attacker can...

8.8CVSS6.5AI score0.00485EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.apache.camel:camel-mail is a Camel Mail support. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through MailProducer.getSender in the mail component. An attacker can weaken SMTP transport security or...

6.9CVSS6.1AI score0.00378EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.6 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the Neo4jProducer.retrieveNodes and deleteNode processes when JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause...

8.8CVSS6.2AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.2 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the operationName and operationNamespace headers, which are not properly filtered by the HTTP header filter. An attacker can cause the backend SOAP servi...

7.5CVSS6AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the LuceneConstants.HEADERQUERY and LuceneConstants.HEADERRETURNLUCENEDOCS headers in the Lucene producer. An attacker can override the intended Lucene search by sending an HTTP...

7.5CVSS6.2AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the VertxWebsocketConsumer inbound header mapping in components/camel-vertx/camel-vertx-websocket. An attacker can redirect server-side HTTP requests and disclose sensitive values by sending WebSocke...

7.5CVSS5.9AI score0.00536EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the improper handling of HTTP headers with the SolrParam. and SolrField. prefixes. An attacker can manipulate Solr query parameters or...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.5 views

Information Exposure

Overview org.apache.camel:camel-netty-http is a versatile open-source integration framework based on known Enterprise Integration Patterns. Affected versions of this package are vulnerable to Information Exposure via the muteException handling in the NettyHttpConfiguration and NettyHttpComponent...

6.9CVSS6.1AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DnsConstants header handling in components/camel-dns/src/main/java/org/apache/camel/component/dns/DnsConstants.java and the DNS producers that consume those headers. An attacker can redirect DNS...

9.1CVSS6.2AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the improper handling of Exchange message headers in the JIRA component. An attacker can perform unauthorized JIRA operations by supplying specially crafted HTTP headers, leveraging the endpoint's configure...

6.9CVSS6AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:35 a.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the kafka.OVERRIDETOPIC and other kafka. headers that bypass the upstream HTTP header filter. An attacker can redirect messages to arbitrary Kafka topics...

6.9CVSS6.1AI score0.00385EPSS
Exploits0References2
Total number of security vulnerabilities35547