Impact
Improper input validation in Apache Camel’s camel-cometd component allows inbound CometD (Bayeux) messages to carry arbitrary headers. The component copies the entire ext.CamelHeaders map from the client into the Camel Exchange without filtering, which is a CWE-20 Improper Input Validation vulnerability. Because Camel control headers (such as CamelHttpUri, CamelFileName, or CamelJmsDestinationName) are accepted unchanged, an attacker can inject these headers to alter the behavior of downstream routes—redirecting HTTP calls, renaming files, or overriding JMS destinations—without authentication. This manipulation can lead to unauthorized data exfiltration or other unintended actions within the system, depending on the route configuration.
Affected Systems
The vulnerability impacts Apache Software Foundation’s Apache Camel product, specifically the camel-cometd component. All versions from 4.0.0 up to but excluding 4.14.8, from 4.15.0 up to but excluding 4.18.3, and from 4.19.0 up to but excluding 4.21.0 are affected. Supported fix releases are 4.14.8 (for the 4.14.x LTS stream), 4.18.3 (for the 4.18.x release stream), and 4.21.0 (for newer streams).
Risk and Exploitability
The CVSS score of 9.8 indicates a critical severity. The EPSS score is reported as less than 1%, indicating a low probability of exploitation at the time of assessment, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, exploitation is feasible for any deployment that exposes a CometD endpoint without a Bayeux SecurityPolicy. An attacker who can complete the Bayeux handshake—typically by sending a handshake message to the endpoint—can publish messages with crafted headers. The lack of a HeaderFilterStrategy means the headers are copied verbatim into the Exchange, enabling the attacker to influence downstream components. While the likelihood of spontaneous exploitation is small, the potential impact is significant for routes that rely on these downstream producers, warranting prompt remedial action.
OpenCVE Enrichment