Affected Component: Apache Camel Framework (specifically versions 3.x through 4.10.1) Vuln Type: Bypass/Injection The vulnerability arises due to a bug in the default filtering mechanism that only blocks headers starting with "Camel", "camel", or Attackers can bypass this filter by altering the casing of any letter other than the first one (e.g., "GAme\" or "GAW"). This allows attackers to inject headers like GAmelMeth0dßeanName, which can be exploited to invoke arbitrary methods from the Bean registry@04 and also supports using Simple Expression Language (or OGNL in some cases) as part of the method parameters passed to the bean (see attached examples). There are quite a large number of other "Camel" headers that, if manipulated, could allow an attacker to do some pretty dangerous things (think CamelSqlQuery).
This issue has been addressed in the following products: Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 Via RHSA-2025:3091 https://access.redhat.com/errata/RHSA-2025:3091
This issue has been addressed in the following products: Red Hat build of Apache Camel 4.8.5 for Spring Boot Via RHSA-2025:3543 https://access.redhat.com/errata/RHSA-2025:3543