Credential exposure and information disclosure via improper input validation of mail headers
Summary
Credential exposure and information disclosure via improper input validation of mail headers. Red Hat rates this moderate (CVSS 7.5). Weakness: CWE-918.
- < 4.19.0
- < 4.0.0
- < 4.14.8
- < 4.15.0
- < 4.18.3
- < 4.21.0
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 4.21.0
- 4.14
- 4.14.8
- 4.18
- 4.18.3
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- To mitigate this vulnerability, ensure that any Camel routes processing untrusted input and forwarding it to the mail producer explicitly strip the `mail.smtp.*` and `mail.smtps.*` header namespaces. This can be achieved by adding `removeHeaders('mail.smtp.*')` and `removeHeaders('mail.smtps.*')` to the route definition between the untrusted ingress and the SMTP/SMTPS producer.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.