org.apache.camel:camel-coap 4.14.1

Direct Vulnerabilities

Known vulnerabilities in the org.apache.camel:camel-coap package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Handling of Case Sensitivity Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism `HeaderFilterStrategy` that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting specially crafted case-variant headers when they have producer access to the broker consumed by a route. Note: This issue is due to incomplete fix for CVE-2025-27636. How to fix Improper Handling of Case Sensitivity? Upgrade `org.apache.camel:camel-coap` to version 4.14.6, 4.18.2, 4.20.0 or higher.	[3.0.0-M1,4.14.6)[4.15.0,4.18.2)[4.19.0,4.20.0)
H Improperly Controlled Modification of Dynamically-Determined Object Attributes Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the `CamelCoapResource.handleRequest()` function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI query parameters that are mapped directly to internal message headers, which are then processed by header-sensitive producers such as `camel-exec`. This allows the attacker to override executable commands and arguments, resulting in remote code execution under the privileges of the application process. Note: This is only exploitable if a route consumes from a `coap://` endpoint and forwards requests to a header-sensitive producer, with no `HeaderFilterStrategy` applied, and if DTLS is not enabled. How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes? Upgrade `org.apache.camel:camel-coap` to version 4.14.6, 4.18.1 or higher.	[4.14.0,4.14.6)[4.18.0,4.18.1)

Vulnerability

Vulnerable Version

Improper Handling of Case Sensitivity

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting specially crafted case-variant headers when they have producer access to the broker consumed by a route.

Note:

This issue is due to incomplete fix for CVE-2025-27636.

How to fix Improper Handling of Case Sensitivity?

Upgrade org.apache.camel:camel-coap to version 4.14.6, 4.18.2, 4.20.0 or higher.

[3.0.0-M1,4.14.6)[4.15.0,4.18.2)[4.19.0,4.20.0)

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest() function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI query parameters that are mapped directly to internal message headers, which are then processed by header-sensitive producers such as camel-exec. This allows the attacker to override executable commands and arguments, resulting in remote code execution under the privileges of the application process.

Note:

This is only exploitable if a route consumes from a coap:// endpoint and forwards requests to a header-sensitive producer, with no HeaderFilterStrategy applied, and if DTLS is not enabled.

How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

Upgrade org.apache.camel:camel-coap to version 4.14.6, 4.18.1 or higher.

[4.14.0,4.14.6)[4.18.0,4.18.1)

org.apache.camel:camel-coap@4.14.1

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically