Information disclosure via error messages containing sensitive data
Summary
Information disclosure via error messages containing sensitive data. Red Hat rates this moderate (CVSS 5.3). Weakness: CWE-209.
- < 4.0.0
- < 4.14.8
- < 4.15.0
- < 4.18.3
- < 4.19.0
- < 4.21.0
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 4.21.0
- 4.14
- 4.14.8
- 4.18
- 4.18.3
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- To mitigate this issue, configure the `camel-undertow` consumer to explicitly set `muteException=true`. This can be done by adding `?muteException=true` to the consumer URI (e.g., `undertow:http://0.0.0.0:8080/api?muteException=true`) or by setting the global property `camel.component.undertow.mute-exception=true`. This prevents Java stack traces from being returned in HTTP responses upon route processing errors. Note that this workaround may not apply to Rest DSL consumers in affected releases. A restart of the application or service hosting the Camel Undertow component may be required for the changes to take effect.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.