Integration camel k

This hub aggregates every CVE we track for Integration camel k, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Integration camel k.

• CVE-2024-7885Undertow: improper state management in proxy protocol parsing causes information leakage7.5Aug 21, 2024
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2022-4245Codehaus-plexus: xml external entity (xxe) injection4.3Sep 25, 2023
• CVE-2022-4244Codehaus-plexus: directory traversal7.5Sep 25, 2023
• CVE-2023-4853Quarkus: http security policy bypass8.1Sep 20, 2023
• CVE-2023-1108Undertow: infinite loop in sslconduit during close7.5Sep 14, 2023
• CVE-2022-41862In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client ...3.7Mar 3, 2023
• CVE-2022-4492The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and...7.5Feb 23, 2023
• CVE-2022-1278A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.7.5Sep 13, 2022
• CVE-2022-2764A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.4.9Sep 1, 2022
• CVE-2022-1259A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an ...7.5Aug 31, 2022
• CVE-2022-0084A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requ...7.5Aug 26, 2022
• CVE-2021-4178A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and priv...6.7Aug 24, 2022
• CVE-2021-3690A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from ...7.5Aug 23, 2022
• CVE-2022-2053When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any resp...7.5Aug 5, 2022