oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-22371: Apache Camel issue on ExchangeCreatedEvent

From: Otavio Rodolfo Piske <orpiske () apache org>
Date: Fri, 23 Feb 2024 19:34:19 +0000
Affected versions:

- Apache Camel 1.x through 1.6.0 unaffected
- Apache Camel 3.21.x through 3.21.3
- Apache Camel 3.22.x through 3.22.0
- Apache Camel 4.0.x through 4.0.3
- Apache Camel 4.x through 4.3.0

Description:

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that 
exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 
3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.

Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

This issue is being tracked as CAMEL-20305 

Credit:

Otavio Rodolfo Piske from the Apache Software Foundation (finder)

References:

https://camel.apache.org/security/CVE-2024-22371.html
https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-22371
https://issues.apache.org/jira/browse/CAMEL-20305
Previous By Date Next
Previous By Thread Next

Current thread: