This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git
The following commit(s) were added to refs/heads/main by this push:
new feed85f0 CVE-2025-66169 Added to website (#1470)
feed85f0 is described below
commit feed85f0a5d4b8c341489abf61caa31a118158d6
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue Jan 13 10:00:23 2026 +0100
CVE-2025-66169 Added to website (#1470)
Signed-off-by: Andrea Cosentino <[email protected]>
---
content/security/CVE-2025-66169.md | 17 +++++++++++++++++
content/security/CVE-2025-66169.txt.asc | 31 +++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+)
diff --git a/content/security/CVE-2025-66169.md
b/content/security/CVE-2025-66169.md
new file mode 100644
index 00000000..5a556fba
--- /dev/null
+++ b/content/security/CVE-2025-66169.md
@@ -0,0 +1,17 @@
+---
+title: "Apache Camel Security Advisory - CVE-2025-66169"
+date: 2026-01-13T07:30:42+02:00
+url: /security/CVE-2025-66169.html
+draft: false
+type: security-advisory
+cve: CVE-2025-66169
+severity: MEDIUM
+summary: "Cypher injection vulnerability in Camel-Neo4j component"
+description: "Camel neo4j component is vulnerable to Cypher injection:
attackers can construct specific query statements to execute unintended
operations in the Neo4j database."
+mitigation: "Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS
and 4.14.3 for 4.14.x LTS and 4.17.0."
+credit: "This issue was discovered and reported by Ya0H4cker."
+affected: Apache Camel 4.10.x before 4.10.8, Apache Camel 4.14.x before
4.14.3, Apache Camel 4.15.0 and 4.16.0.
+fixed: 4.10.8, 4.14.3 and 4.17.0
+---
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-22719 refers to
the commit that resolved the issue, and have more details.
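Review bot: The `mitigation:` field leaves the upgrade target for the non-LTS releases ambiguous. `affected:` lists 4.15.0 and 4.16.0, but "4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0" never says who should move to 4.17.0. Suggest wording along the lines of "upgrade to 4.17.0, or to 4.10.8 on the 4.10.x LTS line and 4.14.3 on the 4.14.x LTS line". The `description:` also does not say which input to the component ends up in the Cypher statement, so readers cannot judge their exposure without opening CAMEL-22719; one sentence on that would help. Minor: in the closing line, "and have more details" should read "and has more details".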
diff --git a/content/security/CVE-2025-66169.txt.asc
b/content/security/CVE-2025-66169.txt.asc
new file mode 100644
index 00000000..18d61387
--- /dev/null
+++ b/content/security/CVE-2025-66169.txt.asc
@@ -0,0 +1,31 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+- ---
+title: "Apache Camel Security Advisory - CVE-2025-66169"
+date: 2026-01-13T07:30:42+02:00
+url: /security/CVE-2025-66169.html
+draft: false
+type: security-advisory
+cve: CVE-2025-66169
+severity: MEDIUM
+summary: "Cypher injection vulnerability in Camel-Neo4j component"
+description: "Camel neo4j component is vulnerable to Cypher injection:
attackers can construct specific query statements to execute unintended
operations in the Neo4j database."
+mitigation: "Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS
and 4.14.3 for 4.14.x LTS and 4.17.0."
+credit: "This issue was discovered and reported by Ya0H4cker."
+affected: Apache Camel 4.10.x before 4.10.8, Apache Camel 4.14.x before
4.14.3, Apache Camel 4.15.0 and 4.16.0.
+fixed: 4.10.8, 4.14.3 and 4.17.0
+- ---
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-22719 refers to
the commit that resolved the issue, and have more details.
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmll/qMACgkQ406fOAL/
+QQAXwgf+Ot8434RdjGT3QXbrStQKGg1LXJxguHYBY4PB/nPQfaybkOff9bIOp5fX
+vstXjUkB8QqxLt/k+K/UxyKspIf7idVnsGGf35TIjnT9+UiQUb2QHUa9FTS1SpKb
+buoRc8byR+3r2+39QnyLXCMhE7G5XW8J1Y+1kTzXKE2AXLAQkpYOX9McuOR5THQA
+f3rJ3OfmNWmtQJTJpM+6qDx6a2kyIEOdp3Zbz61PBYbakJF1ugLXcFn5A+V3Cu5w
+81tWDoG6HasLYBRPaY7L57DwyCzSQ2/7QpVHWB2a3xxwgwg8lM73b3UlF+HkHMjE
+kQEeq25CRnhwWq+d1E1til9o44peQQ==
+=byEk
+-----END PGP SIGNATURE-----
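Review bot: The clearsigned body duplicates the front matter of CVE-2025-66169.md, including the ambiguous `mitigation:` sentence and the "have more details" typo, so any wording fix to the .md has to be mirrored here and the file re-signed, otherwise the signed text and the published page will diverge. Neither file states which key produced the signature or where to obtain it; consider adding a pointer to the project's published keys in the advisory so readers can verify this file.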