Red Hat Apache Camel Spring Boot
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Apache Camel Spring Boot.
By the Year
In 2025 there have been 1 vulnerability in Red Hat Apache Camel Spring Boot with an average score of 7.5 out of ten. Last year, in 2024 Apache Camel Spring Boot had 7 security vulnerabilities published. Right now, Apache Camel Spring Boot is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.44.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 7.50 |
| 2024 | 7 | 7.06 |
It may take a day or so for new Apache Camel Spring Boot vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Apache Camel Spring Boot Security Vulnerabilities
Smallrye Fault Tolerance OOM DoS via /metrics URI
CVE-2025-2240
7.5 - High
- March 12, 2025
A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
Stack Exhaustion
Undertow ProxyProtocolReadListener StringBuilder reuse info-leak
CVE-2024-7885
7.5 - High
- August 21, 2024
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
Race Condition
Undertow Chunked DoS: Missing 0\r\n Termination in Java 17 TLSv1.3
CVE-2024-5971
7.5 - High
- July 08, 2024
A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.
Stack Exhaustion
Undertow AJP Path Decoding Race Cond. DOS
CVE-2024-6162
7.5 - High
- June 20, 2024
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.
Resource Exhaustion
Memory Leak in Eclipse Vert.x TCP TLS Server via Fake SNI
CVE-2024-1300
5.4 - Medium
- April 02, 2024
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
Memory Leak
Vert.x HTTP Client Memory Leak via Netty FastThreadLocal
CVE-2024-1023
6.5 - Medium
- March 27, 2024
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.
Memory Leak
Xnio NotifierState Chain Overflow Uncontrolled Resource DoS
CVE-2023-5685
7.5 - High
- March 22, 2024
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
Resource Exhaustion
Undertow WriteTimeoutStreamSinkConduit Causing Memory/File Exhaustion
CVE-2024-1635
7.5 - High
- February 19, 2024
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
Resource Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Apache Camel Spring Boot or by Red Hat? Click the Watch button to subscribe.
