Message redirection and injection via header manipulation
Summary
Message redirection and injection via header manipulation. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-20.
- < 4.0.0
- < 4.14.8
- < 4.15.0
- < 4.18.3
- < 4.19.0
- < 4.21.0
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 4.21.0
- 4.14
- 4.14.8
- 4.18
- 4.18.3
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Strip the kafka.* headers from untrusted inbound messages before the Kafka producer (for example removeHeaders('kafka.*') at the start of the route), and set the target topic from a trusted source.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.