Apache Camel's JMX is vulnerable to a rebind flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, and 3.0.0 up to 3.1.0 are affected. Users should upgrade to 3.2.0.
The JMX instrumentation agent is the vulnerable component. If it is not being used, it can be disabled in the following ways:
As a Java system property:
```
-Dorg.apache.camel.jmx.disabled=true
```
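Using the CamelContext method:
```java
import org.apache.camel.CamelContext;
import org.apache.camel.impl.DefaultCamelContext;
CamelContext camel = new DefaultCamelContext();
camel.disableJMX(); // call before the context is started
```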
If using Spring, by altering the Spring configuration:
```xml
<camelContext id="camel" xmlns="http://camel.apache.org/schema/spring">
<jmxAgent id="agent" disabled="true"/>
…
</camelContext>
```
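
A triage check built from the affected ranges and the system property given above, as an added example that is not from the original page or the Camel project. It assumes the Camel version can be read from jar names on the JVM command line; the status labels and sample command lines are constructed.

```python
import re
import shlex

JMX_PROP = "org.apache.camel.jmx.disabled"   # property named in the advisory
# Assumption: Camel jars keep Maven naming, camel-<module>-<x.y.z>[-qualifier].jar
JAR_RE = re.compile(r"camel-[a-z][a-z0-9-]*-(\d+)\.(\d+)\.(\d+)[^/\\]*\.jar$")

def is_affected(version):
    """2.22.x-2.25.x, and 3.x below the fixed 3.2.0 (3.0.0 up to 3.1.0)."""
    if version[0] == 2:
        return 22 <= version[1] <= 25
    return (3, 0, 0) <= version < (3, 2, 0)

def parse_jvm(cmdline):
    """Return (classpath entries, system properties) from JVM options only."""
    classpath, props = [], {}
    args = iter(shlex.split(cmdline)[1:])    # skip the java executable
    for arg in args:
        if arg in ("-cp", "-classpath", "--class-path"):
            classpath += re.split(r"[:;]", next(args, ""))
        elif arg.startswith("-D") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            props[key] = value               # a repeated flag overwrites
        elif not arg.startswith("-"):
            break                            # main class; the rest are program args
    return classpath, props

def triage(cmdline):
    """Classify one JVM command line against the advisory."""
    classpath, props = parse_jvm(cmdline)
    found = {tuple(map(int, m.groups())) for m in map(JAR_RE.search, classpath) if m}
    affected = sorted(v for v in found if is_affected(v))
    if not affected:
        return "no-affected-camel", affected
    if props.get(JMX_PROP, "").lower() == "true":
        return "affected-jmx-disabled", affected
    # Property absent: JMX may still be disabled in code or Spring XML.
    return "affected-review", affected

# Constructed sample command lines, not taken from a real host.
SAMPLES = [
    "java -cp lib/camel-core-2.24.1.jar:lib/app.jar com.example.Main",
    "java -Dorg.apache.camel.jmx.disabled=true -cp lib/camel-core-3.1.0.jar com.example.Main",
    "java -cp lib/camel-core-2.25.0.jar com.example.Main -Dorg.apache.camel.jmx.disabled=true",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line), "<-", line)
```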