From 85f3e0a0c93d28d9974ffc20fa972edb416250e2 Mon Sep 17 00:00:00 2001 From: Andrea Cosentino Date: Fri, 10 Jul 2026 10:14:49 +0200 Subject: [PATCH] [GHSA-5g68-f6xg-vf2r] Improper Input Validation vulnerability in Apache Camel. Signed-off-by: Andrea Cosentino --- .../GHSA-5g68-f6xg-vf2r.json | 67 ++++++++++++++++++- 1 file changed, 65 insertions(+), 2 deletions(-) diff --git a/advisories/unreviewed/2026/07/GHSA-5g68-f6xg-vf2r/GHSA-5g68-f6xg-vf2r.json b/advisories/unreviewed/2026/07/GHSA-5g68-f6xg-vf2r/GHSA-5g68-f6xg-vf2r.json index 74c99f15cefde..56eae1245ffd3 100644 --- a/advisories/unreviewed/2026/07/GHSA-5g68-f6xg-vf2r/GHSA-5g68-f6xg-vf2r.json +++ b/advisories/unreviewed/2026/07/GHSA-5g68-f6xg-vf2r/GHSA-5g68-f6xg-vf2r.json @@ -1,11 +1,12 @@ { "schema_version": "1.4.0", "id": "GHSA-5g68-f6xg-vf2r", - "modified": "2026-07-07T00:30:58Z", + "modified": "2026-07-10T07:58:22Z", "published": "2026-07-06T12:31:30Z", "aliases": [ "CVE-2026-46588" ], + "summary": "Camel-CouchDB: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input", "details": "Improper Input Validation vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.\n\nUsers are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.", "severity": [ { @@ -13,7 +14,65 @@ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], - "affected": [], + "affected": [ + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.camel:camel-couchdb" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 4.14.8" + } + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.camel:camel-couchdb" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "4.15.0" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 4.18.3" + } + }, + { + "package": { + "ecosystem": "Maven", + "name": "org.apache.camel:camel-couchdb" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "4.19.0" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "< 4.21.0" + } + } + ], "references": [ { "type": "ADVISORY", @@ -26,6 +85,10 @@ { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2026/07/06/16" + }, + { + "type": "PACKAGE", + "url": "https://github.com/apache/camel/tree/main/components/camel-couchdb" } ], "database_specific": {