The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in an interactive lesson.
Start learningUpgrade org.apache.camel:camel-nats to version 4.14.8, 4.18.3, 4.21.0 or higher.
Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the NatsConsumer process. An attacker can manipulate downstream producer behavior by injecting arbitrary control headers into messages published to the NATS subject. This can result in actions such as redirecting HTTP producers, changing file names, or overriding queries by supplying specially crafted headers. The injected headers persist across internal direct, seda, and vm hops. This is only exploitable if the NATS server is configured without authentication and NATS 2.2 or later is used.
This vulnerability can be mitigated by stripping Camel control headers from inbound NATS messages before they reach any downstream producer (for example, using removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), and by enabling authentication on the NATS server so that only trusted clients can publish to the consumed subject.