Lucene search
K
ApacheCamel4.8.0

4 matches found

CVE
CVE
added 2025/03/09 12:9 p.m.285 views

CVE-2025-27636

CVE-2025-27636 affects Apache Camel versions 4.10.0–4.10.1, 4.8.0–4.8.4, and 3.10.0–3.22.3. The root cause is a case-sensitive DefaultHeaderFilterStrategy that only blocks headers starting with Camel, camel, or org.apache.camel., allowing attackers to inject Camel-specific headers. In vulnerable ...

5.6CVSS5.1AI score0.79817EPSS
In wild
CVE
CVE
added 2025/03/12 2:42 p.m.202 views

CVE-2025-29891

CVE-2025-29891 describes a bypass/injection in Apache Camel where the default incoming header filter may be bypassed, allowing headers to influence internal components (e.g., camel-bean, camel-exec) via HTTP parameters or headers. Affected versions: Camel 4.10.0–4.10.1/4.10.0–4.10.1, 4.8.0–4.8.4/...

4.8CVSS5.2AI score0.71999EPSS
In wild
CVE
CVE
added 2025/04/01 11:56 a.m.97 views

CVE-2025-30177

Apache Camel vulnerability CVE-2025-30177 affects Camel-Undertow in Camel versions 4.10.0–4.10.3 and 4.8.0–4.8.6, where the DefaultHeaderFilterStrategy is insufficiently filtering incoming headers. The issue allows Camel-specific headers to bypass the header filter (notably in the Camel-Undertow ...

6.5CVSS7.1AI score0.01009EPSS
CVE
CVE
added 2026/07/06 9:34 a.m.12 views

CVE-2026-49042

CVE-2026-49042 : This is an Improper Input Validation vulnerability in Apache Camel affecting 4.8.0–4.18.2 and 4.19.0–4.20.0. The issue’s root cause is input validation weaknesses. Fixed in Camel releases 4.18.3 and 4.21.0. CVSSv3.1 base score 7.3 (HIGH) with NETWORK attack vector, NO privileges,...

7.3CVSS5.9AI score0.00399EPSS