org.apache.camel:camel-endpointdsl@4.18.0

latest version

4.19.0

latest non vulnerable version

4.19.0

first published

6 years ago

latest version published

22 days ago

licenses detected

Apache-2.0
[3.0.0-M4,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.camel:camel-endpointdsl package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Improperly Controlled Modification of Dynamically-Determined Object Attributes Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the `CamelCoapResource.handleRequest()` function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI query parameters that are mapped directly to internal message headers, which are then processed by header-sensitive producers such as `camel-exec`. This allows the attacker to override executable commands and arguments, resulting in remote code execution under the privileges of the application process. Note: This is only exploitable if a route consumes from a `coap://` endpoint and forwards requests to a header-sensitive producer, with no `HeaderFilterStrategy` applied, and if DTLS is not enabled. How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes? Upgrade `org.apache.camel:camel-endpointdsl` to version 4.14.6, 4.18.1 or higher.	[4.14.0,4.14.6)[4.18.0,4.18.1)

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest() function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI query parameters that are mapped directly to internal message headers, which are then processed by header-sensitive producers such as camel-exec. This allows the attacker to override executable commands and arguments, resulting in remote code execution under the privileges of the application process.

Note:

This is only exploitable if a route consumes from a coap:// endpoint and forwards requests to a header-sensitive producer, with no HeaderFilterStrategy applied, and if DTLS is not enabled.

How to fix Improperly Controlled Modification of Dynamically-Determined Object Attributes?

Upgrade org.apache.camel:camel-endpointdsl to version 4.14.6, 4.18.1 or higher.

[4.14.0,4.14.6)[4.18.0,4.18.1)

Go back to all versions of this package