A critical vulnerability in Apache Camel allows remote attackers to achieve code execution and file system access by bypassing header filtering mechanisms.

This is a header injection vulnerability occurring due to inconsistent case-sensitive filtering in specific Camel components (JMS, CoAP, Google Pubsub). An attacker with producer access to the message broker can inject malicious headers that are processed by downstream components.

Successful exploitation results in full remote code execution and arbitrary file write capabilities, posing a catastrophic risk to data integrity and system availability. With a CVSS score of 9.9, this vulnerability represents an extreme threat level, enabling attackers to take complete control of the affected application server.

Immediate Action: Upgrade to the patched versions provided by the vendor (4.20.0, 4.14.6, or 4.18.2) immediately.

Proactive Monitoring: Monitor message broker traffic for anomalous header patterns and review application logs for unauthorized file system operations or execution commands.

Compensating Controls: Implement strict input validation on message brokers and restrict producer access to trusted entities only.

Public Exploit Available: No

Given the critical CVSS score of 9.9 and the potential for full system compromise, organizations must prioritize patching these Apache Camel components. Administrators should treat this as a high-priority update to prevent unauthorized code execution.