Apache

Camel

75 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.86%
  • Veröffentlicht 27.04.2026 08:23:20
  • Zuletzt bearbeitet 27.06.2026 05:16:44

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not a...

  • EPSS 0.88%
  • Veröffentlicht 27.04.2026 08:03:19
  • Zuletzt bearbeitet 30.06.2026 03:19:20

JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class allow...

  • EPSS 0.34%
  • Veröffentlicht 27.04.2026 07:53:54
  • Zuletzt bearbeitet 30.06.2026 03:19:15

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java....

  • EPSS 0.93%
  • Veröffentlicht 27.04.2026 07:51:59
  • Zuletzt bearbeitet 30.06.2026 03:19:18

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP ...

Exploit
  • EPSS 0.9%
  • Veröffentlicht 23.02.2026 08:45:45
  • Zuletzt bearbeitet 30.06.2026 03:17:44

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any O...

Exploit
  • EPSS 0.4%
  • Veröffentlicht 23.02.2026 08:45:36
  • Zuletzt bearbeitet 26.02.2026 16:46:16

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component.  The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. A token issued by one Keyc...

  • EPSS 0.61%
  • Veröffentlicht 14.01.2026 11:45:20
  • Zuletzt bearbeitet 16.01.2026 14:29:11

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS...

  • EPSS 1.01%
  • Veröffentlicht 01.04.2025 12:15:15
  • Zuletzt bearbeitet 15.04.2025 13:00:12

Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10...

Exploit
  • EPSS 72%
  • Veröffentlicht 12.03.2025 14:42:59
  • Zuletzt bearbeitet 02.04.2025 20:37:07

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS a...

Exploit
  • EPSS 79.82%
  • Veröffentlicht 09.03.2025 13:15:34
  • Zuletzt bearbeitet 23.06.2025 18:54:52

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to v...