Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Affecting org.apache.camel:camel-solr package, versions [4.0.0,4.14.8)[4.15.0,4.18.3)[4.19.0,4.21.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Social Trends
EPSS
0.37% (29th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGAPACHECAMEL-17879229
  • published7 Jul 2026
  • disclosed6 Jul 2026
  • creditUnknown

Introduced: 6 Jul 2026

NewCVE-2026-48203  (opens in a new tab)
CWE-74  (opens in a new tab)

How to fix?

Upgrade org.apache.camel:camel-solr to version 4.14.8, 4.18.3, 4.21.0 or higher.

Overview

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the improper handling of HTTP headers with the SolrParam. and SolrField. prefixes. An attacker can manipulate Solr query parameters or inject arbitrary document fields by sending specially crafted HTTP requests, potentially causing the server to make requests to attacker-controlled URLs or alter indexed data. This is only exploitable if an HTTP consumer is bridged to a solr: producer and the consumer is unauthenticated.

Workaround

This vulnerability can be mitigated by stripping the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and setting required Solr parameters and fields from a trusted source in the route.

CVSS Base Scores

version 4.0
version 3.1