https://bugzilla.redhat.com/show_bug.cgi?id=1937440
--- Comment #27 from Jonathan Christison jochrist@redhat.com --- Marking Red Hat JBoss Fuse 6 and Red Hat Fuse 7 and Red Hat Integration Camel K as having a moderate impact, this is because components using the affected versions of velocity, namely camel-velocity does not allow, by default, use of templates derived from unprivileged mutable/dynamic sources ie. It does not allow generation or modification of templates from a source an attacker may control perquisite of this attack.
Customers using camel velocity with `allowTemplateFromHeader` or `allowContextMapAll` set to true are strongly advised to either disable the dynamic template functionality or ensure the templates are from a source that is not derived from unprivileged user input.