4 matches found
CVE-2025-27636
CVE-2025-27636 affects Apache Camel versions 4.10.0–4.10.1, 4.8.0–4.8.4, and 3.10.0–3.22.3. The root cause is a case-sensitive DefaultHeaderFilterStrategy that only blocks headers starting with Camel, camel, or org.apache.camel., allowing attackers to inject Camel-specific headers. In vulnerable ...
CVE-2025-29891
CVE-2025-29891 describes a bypass/injection in Apache Camel where the default incoming header filter may be bypassed, allowing headers to influence internal components (e.g., camel-bean, camel-exec) via HTTP parameters or headers. Affected versions: Camel 4.10.0–4.10.1/4.10.0–4.10.1, 4.8.0–4.8.4/...
CVE-2025-30177
Apache Camel vulnerability CVE-2025-30177 affects Camel-Undertow in Camel versions 4.10.0–4.10.3 and 4.8.0–4.8.6, where the DefaultHeaderFilterStrategy is insufficiently filtering incoming headers. The issue allows Camel-specific headers to bypass the header filter (notably in the Camel-Undertow ...
CVE-2026-49042
CVE-2026-49042 : This is an Improper Input Validation vulnerability in Apache Camel affecting 4.8.0–4.18.2 and 4.19.0–4.20.0. The issue’s root cause is input validation weaknesses. Fixed in Camel releases 4.18.3 and 4.21.0. CVSSv3.1 base score 7.3 (HIGH) with NETWORK attack vector, NO privileges,...