Apache Camel's Camel-Mail component is vulnerable to Camel message header injection
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) configures only the 'out' direction via setOutFilterStartsWith and does not configure the 'in' direction via setInFilterStartsWith. As a result, when a Camel application consumes mail through camel-mail (for example via from("imap://…") or from("pop3://…")), the inbound filter check is skipped and Camel-prefixed MIME headers are mapped unfiltered into the Exchange. …
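The filter asymmetry described above, as an added example that is not Camel's or the advisory's own code: a simplified, dependency-free model in which a filter with only the 'out' prefixes set lets a Camel-prefixed name survive inbound mapping, next to one with both directions set. The class HeaderFilterModel, its methods other than the two setter names, the single "Camel" prefix and the sample headers are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Simplified model of a direction-aware header filter. Hypothetical class,
// not Camel's MailHeaderFilterStrategy; it only mirrors the two setters named above.
public class HeaderFilterModel {
    private String[] inStartsWith = {};   // prefixes dropped when mapping mail -> Exchange
    private String[] outStartsWith = {};  // prefixes dropped when mapping Exchange -> mail

    void setInFilterStartsWith(String... prefixes)  { inStartsWith = prefixes; }
    void setOutFilterStartsWith(String... prefixes) { outStartsWith = prefixes; }

    // Copy headers, dropping any whose name starts with a configured prefix
    // (case-insensitive matching is a choice of this model).
    private static Map<String, String> copy(Map<String, String> src, String[] prefixes) {
        Map<String, String> dst = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : src.entrySet()) {
            boolean filtered = false;
            for (String p : prefixes) {
                filtered |= e.getKey().regionMatches(true, 0, p, 0, p.length());
            }
            if (!filtered) dst.put(e.getKey(), e.getValue());
        }
        return dst;
    }

    Map<String, String> mapInbound(Map<String, String> mime)      { return copy(mime, inStartsWith); }
    Map<String, String> mapOutbound(Map<String, String> exchange) { return copy(exchange, outStartsWith); }

    public static void main(String[] args) {
        // Constructed sample; "CamelConstructedHeader" is a placeholder name.
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Subject", "weekly report");
        headers.put("CamelConstructedHeader", "sender-controlled value");

        HeaderFilterModel outOnly = new HeaderFilterModel();  // the configuration described above
        outOnly.setOutFilterStartsWith("Camel");

        HeaderFilterModel both = new HeaderFilterModel();     // 'in' direction configured as well
        both.setOutFilterStartsWith("Camel");
        both.setInFilterStartsWith("Camel");

        System.out.println("out-only, outbound: " + outOnly.mapOutbound(headers).keySet());
        System.out.println("out-only, inbound:  " + outOnly.mapInbound(headers).keySet());
        System.out.println("both,     inbound:  " + both.mapInbound(headers).keySet());
    }
}
```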