CNNVD-202601-2456 Information

CNNVD ID

CNNVD-202601-2456

Related CVE

CVE-2025-66169

• CNNVD Published: 2026-01-14

Description (Chinese)

Apache Camel是美国阿帕奇（Apache）基金会的一套开源的基于Enterprise Integration Pattern(企业整合模式，简称EIP)的集成框架。该框架提供企业集成模式的Java对象（POJO）的实现，且通过应用程序接口来配置路由和中介的规则。 Apache Camel存在安全漏洞，该漏洞源于camel-neo4j组件存在Cypher注入。

Description (English)

Apache Camel is an open-source, integrated framework based on Enterprise Integration Patterson (business integration model, known as EIP) of the Apache Foundation in the United States. The framework provides for the realization of the Java object (POJO) of the business integration model and the rules for configuring routers and intermediaries through the application interface. There is a security loophole in Apache Camel, which stems from the Cypher injection of the camel-neo4j component.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-01-14

Last Modified

2026-02-24

References

https://camel.apache.org/security/CVE-2025-66169.html http://www.openwall.com/lists/oss-security/2026/01/13/5

Patch

https://camel.apache.org/