This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git
The following commit(s) were added to refs/heads/main by this push:
new 01b319a8 Update CVE
01b319a8 is described below
commit 01b319a8dd5e13e16a827f6e736d54fcbc8ed26a
Author: Andrea Cosentino <[email protected]>
AuthorDate: Mon Mar 10 19:05:24 2025 +0100
Update CVE
Signed-off-by: Andrea Cosentino <[email protected]>
---
content/security/CVE-2025-27636.md | 2 +-
content/security/CVE-2025-27636.txt.asc | 18 +++++++++---------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/content/security/CVE-2025-27636.md
b/content/security/CVE-2025-27636.md
index 3d7459f1..64146587 100644
--- a/content/security/CVE-2025-27636.md
+++ b/content/security/CVE-2025-27636.md
@@ -6,7 +6,7 @@ draft: false
type: security-advisory
cve: CVE-2025-27636
severity: MODERATE
-summary: "Apache Camel-Bean component: Camel Message Header Injection via
Improper Filtering"
+summary: "Camel Message Header Injection via Improper Filtering"
description: "This vulnerability is only present in the following situation.
The user is using one of the following HTTP Servers via one the of the
following Camel components: camel-servlet, camel-jetty, camel-undertow,
camel-platform-http and camel-netty-http and in the route, the exchange will be
routed to a camel-bean producer. So ONLY camel-bean component is affected. In
particular: The bean invocation (is only affected if you use any of the above
together with camel-bean component) [...]
headers that for some Camel components can alter the behaviours such as the
camel-bean component, to call another method
on the bean, than was coded in the application. In the camel-jms component,
then a mallicous header can be used to send
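Review bot: The new summary line drops the "Apache Camel-Bean component:" prefix, but the unchanged description directly below it still says "So ONLY camel-bean component is affected", and the context further down goes on to mention camel-jms, so the advisory now gives readers more than one scope. If the broader summary is intended, update the description in the same change so both name the same set of affected components, and say in the commit message why the wording changed rather than only "Update CVE".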
diff --git a/content/security/CVE-2025-27636.txt.asc
b/content/security/CVE-2025-27636.txt.asc
index 7c494ae9..9bd98316 100644
--- a/content/security/CVE-2025-27636.txt.asc
+++ b/content/security/CVE-2025-27636.txt.asc
@@ -9,7 +9,7 @@ draft: false
type: security-advisory
cve: CVE-2025-27636
severity: MODERATE
-summary: "Apache Camel-Bean component: Camel Message Header Injection via
Improper Filtering"
+summary: "Camel Message Header Injection via Improper Filtering"
description: "This vulnerability is only present in the following situation.
The user is using one of the following HTTP Servers via one the of the
following Camel components: camel-servlet, camel-jetty, camel-undertow,
camel-platform-http and camel-netty-http and in the route, the exchange will be
routed to a camel-bean producer. So ONLY camel-bean component is affected. In
particular: The bean invocation (is only affected if you use any of the above
together with camel-bean component) [...]
headers that for some Camel components can alter the behaviours such as the
camel-bean component, to call another method
on the bean, than was coded in the application. In the camel-jms component,
then a mallicous header can be used to send
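Review bot: The context lines of this signed copy still carry "via one the of the" and "mallicous", in the text that sits above the signature block being regenerated. Since this commit re-signs the file anyway, correct them here and in CVE-2025-27636.md together. Fixing them later means another re-sign, and fixing them only in the .md leaves the published advisory and its signed copy out of step.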
@@ -56,12 +56,12 @@ fixed: 3.22.4, 4.8.5 and 4.10.2
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-21828 refers to
the various commits that resolved the issue, and have more details.
-----BEGIN PGP SIGNATURE-----
-iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmfO0wAACgkQ406fOAL/
-QQAGXAf+LVE8hHv9HIJh8LsQnj21zp4UvtnoPt3aPy3Dzto0PQko/QUIPGQK8FC2
-AoXJ1//EDPqUk2QpMlJ+k1pS2Lk9iojOc3sPgOxGK5beRK8eRYbD1HRKCn+hc7sW
-8TV7JnHRWX8CMPJsnpfjZsCsY5lNHhvSwcGzBxnnI5xGuxzWN7vEgb0rm1OoE+je
-CZx85sq3xmzlGEnTG/S+3CntMXDgjQtGqEogTjeYjuQZ7aqA2lf0Y2NbbeJGFRX8
-FJDbZbB9Wo9ULifMjG/A2gEPCklTIYPlhX6DJ5X1m7mF+5+IIeq9BEoruUCGF39T
-aniOWsxDSapjuM868karkwBh800Dhg==
-=zNda
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmfPKdsACgkQ406fOAL/
+QQAowQgApMrMHcnk0VOdlYNDVhfzbuMeoOxPEEXUnMHb/Kg6pVH3NTDlwF/c1zsu
+gNhe+zJRiFNQGpkdzJYgO4Z+6YtijPRZN/hWGjJ9SZ/N2PHGkUSEnPZO6hjKO1Sh
+vjhUM4PIW677oOxoBp4e8JqnM4QSz/7oE9MToCzYqw53ojrRn5eo+tFUvG9XfYd2
+VCDnTN9Kj6ZC/URqjMiCROoeW0YGACLVLnzmJy8XQiSNI66dpwvke/i/TRxpswIP
+uEgHqURILJZdtP0kYmEXHjjBAjfbgWyg/9NzjasiPUXWOi3vXUaIJ4g2b8w00mEK
+wchO7hhpAVWa4pTe4ed4EctsvE0AYQ==
+=j4xI
-----END PGP SIGNATURE-----
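Review bot: The whole signature block is replaced in this hunk, and nothing in the commit records that the new block was checked against the edited text above it; the diff itself cannot show that. Run gpg --verify on content/security/CVE-2025-27636.txt.asc before pushing (or as a CI step) and note the re-sign in the commit message, so a reader of the history can tell the signature change was deliberate and follows from the summary edit.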