Apache Camel Camel-Coap Component Header Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability exists in the Apache Camel Camel-Coap component, specifically in versions 4.14.0 prior to 4.14.5, 4.18.0 prior to 4.18.1, and 4.19.0. The flaw is improper control over the modification of dynamically-determined object attributes, which enables Camel message header injection. When CoAP requests are forwarded to header-sensitive producers, such as camel-exec, this can result in remote code execution.

The issue arises because the camel-coap component maps CoAP request URI query parameters directly into Camel Exchange In message headers without applying any HeaderFilterStrategy. Consequently, an unauthenticated attacker can inject arbitrary Camel internal headers into the Exchange with a single CoAP UDP packet. If the message is then delivered to a header-sensitive producer, the injected headers can manipulate that producer's behavior. In the case of camel-exec, this allows arbitrary OS command execution under the privileges of the Camel process, with the command output returned in the CoAP response payload, creating an interactive remote code execution channel.
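As an added example (not part of this advisory and not code from the Camel project), the following Python parses the Uri-Query options of a raw CoAP message, which are the values camel-coap copies into Exchange headers, and flags query keys that look like Camel internal headers. The CoAP framing follows RFC 7252; the "Camel" prefix heuristic and the sample packet are assumptions constructed for this example.

```python
# Added detection example: decode CoAP options and flag Uri-Query keys that
# would land in Camel headers. The "Camel" prefix heuristic and SAMPLE are
# constructed assumptions, not values from the advisory.

URI_QUERY = 15      # CoAP option number for Uri-Query (RFC 7252)
PAYLOAD_MARKER = 0xFF


def _ext(value, buf, pos):
    """Decode the extended option delta/length forms (13 and 14)."""
    if value == 13:
        return buf[pos] + 13, pos + 1
    if value == 14:
        return int.from_bytes(buf[pos:pos + 2], "big") + 269, pos + 2
    if value == 15:
        raise ValueError("reserved option nibble 15")
    return value, pos


def coap_options(pkt):
    """Return a list of (option_number, value_bytes) from a CoAP message."""
    if len(pkt) < 4 or (pkt[0] >> 6) != 1:
        raise ValueError("not a CoAP v1 message")
    token_len = pkt[0] & 0x0F
    if token_len > 8:
        raise ValueError("invalid token length")
    pos, number, opts = 4 + token_len, 0, []
    while pos < len(pkt) and pkt[pos] != PAYLOAD_MARKER:
        delta, length = pkt[pos] >> 4, pkt[pos] & 0x0F
        pos += 1
        delta, pos = _ext(delta, pkt, pos)
        length, pos = _ext(length, pkt, pos)
        if pos + length > len(pkt):
            raise ValueError("truncated option")
        number += delta                      # option numbers are delta-encoded
        opts.append((number, bytes(pkt[pos:pos + length])))
        pos += length
    return opts


def suspicious_queries(pkt, prefix="Camel"):
    """Uri-Query keys that would become Camel headers matching `prefix`."""
    hits = []
    for num, val in coap_options(pkt):
        if num == URI_QUERY:
            key = val.decode("utf-8", "replace").split("=", 1)[0]
            if key.startswith(prefix):
                hits.append(key)
    return hits


# Constructed sample: CON GET, message id 0x1234, Uri-Path "hello",
# Uri-Query "CamelFoo=bar" (flagged) and a benign Uri-Query "name=alice".
SAMPLE = (bytes([0x40, 0x01, 0x12, 0x34, 0xB5]) + b"hello"
          + bytes([0x4C]) + b"CamelFoo=bar" + bytes([0x0A]) + b"name=alice")
```

Running `suspicious_queries(SAMPLE)` on the constructed packet returns `['CamelFoo']`, while the benign `name` query is ignored.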

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Apache Camel is running, under the privileges of the Camel process.

Remediation

Users are advised to upgrade to Apache Camel version 4.18.1 or 4.19.0.

Added: Apr 27, 2026, 11:20 AM
Updated: Apr 27, 2026, 11:20 AM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 7.5
exploitability: 4.7
remediation: 7.7
relevance: 6.8
threat: 0.1
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.