This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git
The following commit(s) were added to refs/heads/main by this push:
new c63521d8 Update the severity of CVE-2025-27636 to Medium instead of
moderate
c63521d8 is described below
commit c63521d8c1459f6de4d97127f6da9395c85a25ac
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Apr 1 18:25:41 2025 +0200
Update the severity of CVE-2025-27636 to Medium instead of moderate
Signed-off-by: Andrea Cosentino <[email protected]>
---
content/security/CVE-2025-27636.md | 2 +-
content/security/CVE-2025-27636.txt.asc | 18 +++++++++---------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/content/security/CVE-2025-27636.md
b/content/security/CVE-2025-27636.md
index 64146587..c561508b 100644
--- a/content/security/CVE-2025-27636.md
+++ b/content/security/CVE-2025-27636.md
@@ -5,7 +5,7 @@ url: /security/CVE-2025-27636.html
draft: false
type: security-advisory
cve: CVE-2025-27636
-severity: MODERATE
+severity: MEDIUM
summary: "Camel Message Header Injection via Improper Filtering"
description: "This vulnerability is only present in the following situation.
The user is using one of the following HTTP Servers via one the of the
following Camel components: camel-servlet, camel-jetty, camel-undertow,
camel-platform-http and camel-netty-http and in the route, the exchange will be
routed to a camel-bean producer. So ONLY camel-bean component is affected. In
particular: The bean invocation (is only affected if you use any of the above
together with camel-bean component) [...]
headers that for some Camel components can alter the behaviours such as the
camel-bean component, to call another method
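Review bot: the `description` context line in this hunk still reads "via one the of the following Camel components". Since the front matter is being edited anyway, correct it to "via one of the following Camel components", and make the same correction in the signed copy so the two texts do not diverge.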
diff --git a/content/security/CVE-2025-27636.txt.asc
b/content/security/CVE-2025-27636.txt.asc
index 488a20aa..0b652cec 100644
--- a/content/security/CVE-2025-27636.txt.asc
+++ b/content/security/CVE-2025-27636.txt.asc
@@ -8,7 +8,7 @@ url: /security/CVE-2025-27636.html
draft: false
type: security-advisory
cve: CVE-2025-27636
-severity: MODERATE
+severity: MEDIUM
summary: "Camel Message Header Injection via Improper Filtering"
description: "This vulnerability is only present in the following situation.
The user is using one of the following HTTP Servers via one the of the
following Camel components: camel-servlet, camel-jetty, camel-undertow,
camel-platform-http and camel-netty-http and in the route, the exchange will be
routed to a camel-bean producer. So ONLY camel-bean component is affected. In
particular: The bean invocation (is only affected if you use any of the above
together with camel-bean component) [...]
headers that for some Camel components can alter the behaviours such as the
camel-bean component, to call another method
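Review bot: the `severity: MEDIUM` line here is a second, hand-maintained copy of the value changed in CVE-2025-27636.md, and nothing visible in this patch keeps the two front-matter blocks in step. If the .txt.asc body is not generated from the .md, consider a build check that compares the two, so a future severity or description edit cannot land in only one file.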
@@ -56,12 +56,12 @@ fixed: 3.22.4, 4.8.5 and 4.10.2
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-21828 refers to
the various commits that resolved the issue, and have more details.
-----BEGIN PGP SIGNATURE-----
-iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmfSlIEACgkQ406fOAL/
-QQCJ5ggApUZBHWtrwEKRBR02ni+Xm5h7aOOXnQIVzGyXwPBB1ZI0J5VOOIyePE64
-PC69UbGzqBxkYbURGqAiBJqfdpaISDkDD9zKWugIZG1DNtwg1VxqMA6/KJKQYt1g
-AzKf1m1b9guCwuFQjqIh04bMXrKhu9bOPGqjuE9SwHK8SPQgYI1tkWEZjKjfyAlc
-xZBZRP+VKpxOKwKOwHmVHSWZ0in8YshevmKw48p7g1BN7ACcA/rY9gYzJ7YRhkkb
-RHzXIPEQ3PFWG6HAXYuSqUy+hi7hfVKdBWrdqW6+OTqcHtgR4ZPZmO7ZEoKUKxQE
-8ryHjb5SRVw3BaS6nvvPEGzRhQbFRQ==
-=X5cK
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmfsE2wACgkQ406fOAL/
+QQCzswf6A7sqnQYh83jNeV2VcfrrcIq9hsvmw6CTYfbmD7zg/jAPtDPhI/pbH5Eo
+eQSlIzf2WynI7YC4nNaPNUVlFCHGEcVeoPnkQyGltibVzCrx+RJVb+VYse2nw9vD
+iil1/TLYeBMEwKpHOWszYxg+tGwKfMM9ixSDlNv9B72psAT/FuXd6nAvu2AeZPxv
+2uKsEg2kz1kZWJ4PNYPobu0xr4XueEA3yoQsJUKDxqyS6WnmuwE60XC+SucOXvwv
+8XT4q7MPlzgrw0Vzxi2Kv0q6viXTt4/UEIJntyxlHUUh/5BjL+Dgnqdf2xx+8MrP
+XYYNdsJhB4lGao36FO+WJt5DJP20AA==
+=ux8V
-----END PGP SIGNATURE-----
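Review bot: the replaced signature block in this hunk cannot be validated from the diff itself, so before merge confirm that `gpg --verify` on content/security/CVE-2025-27636.txt.asc succeeds against the edited text and reports the expected signing key. The signed body changed at `severity: MEDIUM`, so a signature produced over any other revision of the text would make the published advisory fail verification for readers.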