
List:       oss-security
Subject:    [oss-security] CVE-2024-22371: Apache Camel issue on ExchangeCreatedEvent
From:       Otavio Rodolfo Piske <orpiske () apache ! org>
Date:       2024-02-23 19:34:19
Message-ID: bfaa14be-f27b-e2df-da57-eb402f8a2c5d () apache ! org

Affected versions:

- Apache Camel 1.x through 1.6.0 unaffected
- Apache Camel 3.21.x through 3.21.3
- Apache Camel 3.22.x through 3.22.0
- Apache Camel 4.0.x through 4.0.3
- Apache Camel 4.x through 4.3.0

Description:

Exposure of sensitive data by crafting a malicious EventFactory and providing a custom
ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue
affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X
through 4.0.3, from 4.X through 4.3.0.

Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the
issue.

This issue is being tracked as CAMEL-20305 

Credit:

Otavio Rodolfo Piske from the Apache Software Foundation (finder)

References:

https://camel.apache.org/security/CVE-2024-22371.html
https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-22371
https://issues.apache.org/jira/browse/CAMEL-20305

