Apache · Apache Camel · CVE-2026-40453
**Name of the Vulnerable Software and Affected Versions**
Apache Camel versions 3.0.0 through 4.14.5
Apache Camel versions 4.15.0 through 4.18.1
Apache Camel versions 4.19.0 through 4.19.x
**Description**
Certain non-HTTP HeaderFilterStrategy implementations, specifically JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub, use case-sensitive filtering for headers starting with 'Camel' or 'camel'. Since the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS or equivalent producer access to a broker consumed by a Camel route can inject case-variant internal headers. These headers are subsequently resolved by downstream components, such as camel-exec and camel-file, using their canonical casing, potentially leading to remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components.
**Recommendations**
Upgrade versions 3.0.0 through 4.14.5 to 4.14.6.
Upgrade versions 4.15.0 through 4.18.1 to 4.18.2.
Upgrade versions 4.19.0 through 4.19.x to 4.20.0.
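Upgrading as recommended above is the fix. For readers who want to see the class of check involved, the following is an added example written for this page, not code from the Apache Camel project: a custom `HeaderFilterStrategy` (the `org.apache.camel.spi.HeaderFilterStrategy` interface, assumed available from camel-api on the classpath) that matches the internal `Camel*` prefix case-insensitively, placed next to the case-sensitive check the description attributes to the affected strategies. The class name, the `legacyCaseSensitiveCheck` helper and all header names in `main` are constructed for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

import org.apache.camel.Exchange;
import org.apache.camel.spi.HeaderFilterStrategy;

/**
 * Hypothetical strategy written for this page (not Apache Camel code): filters
 * internal "Camel*" headers by comparing the header name case-insensitively,
 * which matches how the Exchange itself keys its headers.
 */
public class CaseInsensitiveCamelHeaderFilterStrategy implements HeaderFilterStrategy {

    // The Exchange stores headers in a case-insensitive map, so "CAMELFoo",
    // "camelFoo" and "CamelFoo" all resolve to the same key downstream. The filter
    // therefore has to recognise the prefix regardless of how it is cased.
    static boolean isInternalCamelHeader(String headerName) {
        return headerName != null
                && headerName.toLowerCase(Locale.ROOT).startsWith("camel");
    }

    // The kind of check the advisory describes as vulnerable: only these two exact
    // spellings of the prefix are caught, so any other casing passes unfiltered.
    static boolean legacyCaseSensitiveCheck(String headerName) {
        return headerName != null
                && (headerName.startsWith("Camel") || headerName.startsWith("camel"));
    }

    /** Inbound: headers arriving from the external system (e.g. a JMS broker). true = drop. */
    @Override
    public boolean applyFilterToExternalHeaders(String headerName, Object headerValue, Exchange exchange) {
        return isInternalCamelHeader(headerName);
    }

    /** Outbound: Exchange headers being copied to the external system. true = drop. */
    @Override
    public boolean applyFilterToCamelHeaders(String headerName, Object headerValue, Exchange exchange) {
        return isInternalCamelHeader(headerName);
    }

    // Stand-alone demonstration with constructed header names; no broker required.
    public static void main(String[] args) {
        // Stand-in for the Exchange's case-insensitive header map.
        Map<String, Object> exchangeHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        String[] inbound = { "CamelInternalHeader", "cAmElInternalHeader", "JMSCorrelationID" };

        for (String name : inbound) {
            boolean legacyDrops = legacyCaseSensitiveCheck(name);
            boolean hardenedDrops = isInternalCamelHeader(name);
            System.out.printf("%-22s legacy drops=%-5b hardened drops=%b%n",
                    name, legacyDrops, hardenedDrops);
            if (!legacyDrops) {
                // What the legacy check lets into the Exchange.
                exchangeHeaders.put(name, "from-broker");
            }
        }
        // Under the legacy check the case variant survives and, because the map is
        // case-insensitive, is reachable under the canonical key a component would use.
        System.out.println("Legacy: canonical CamelInternalHeader present = "
                + exchangeHeaders.containsKey("CamelInternalHeader"));
    }
}
```

To apply the strategy to a consumer, bind an instance in the registry and reference it from the endpoint URI, for example `camelContext.getRegistry().bind("safeHeaderFilter", new CaseInsensitiveCamelHeaderFilterStrategy())` and `from("jms:queue:orders?headerFilterStrategy=#safeHeaderFilter")`. Note that this check also drops any application header whose name happens to begin with "camel" in any casing; if such headers are legitimately in use, rename them or add an explicit allow-list before the prefix test.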