This vulnerability is trending on Twitter; this may indicate a growing threat.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade org.apache.camel:camel-solr to version 4.14.8, 4.18.3, 4.21.0 or higher.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the improper handling of HTTP headers with the SolrParam. and SolrField. prefixes. An attacker can manipulate Solr query parameters or inject arbitrary document fields by sending specially crafted HTTP requests, potentially causing the server to make requests to attacker-controlled URLs or alter indexed data. This is only exploitable if an HTTP consumer is bridged to a solr: producer and the consumer is unauthenticated.
This vulnerability can be mitigated by stripping the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and setting required Solr parameters and fields from a trusted source in the route.