Description
This flaw targets the camel-ldap package. According to the maintainers, this CVE should be retracted soon.
Mitigation
The maintainers have added a note about LDAP injection to the documentation of the Camel LDAP component. See the link for more information: https://github.com/apache/camel/blob/3ea0740370bb436dcf70b91dcbfb4e2177fca797/components/camel-ldap/src/main/docs/ldap-component.adoc
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat build of Apache Camel for Spring Boot 3 | org.apache.camel-camel | Not affected | | |
| Red Hat build of Quarkus | io.quarkus.platform-quarkus-platform-config | Not affected | | |
| Red Hat Fuse 7 | com.redhat.fuse.eap-fuse-eap | Not affected | | |
| Red Hat Fuse 7 | org.apache.camel-camel | Not affected | | |
| Red Hat Fuse 7 | org.wildfly.camel.example-example-camel | Not affected | | |
| Red Hat Fuse 7 | org.wildfly.camel-wildfly-camel | Not affected | | |
| Red Hat Integration Camel K 1 | org.apache.camel-camel | Not affected | | |
| Red Hat Integration Camel K 1 | org.apache.camel.kafkaconnector-camel-kafka-connector-aggregator | Not affected | | |
| Red Hat Integration Camel K 1 | org.apache.camel.quarkus-camel-quarkus | Not affected | | |
| Red Hat Integration Camel Quarkus 1 | org.apache.camel-camel | Not affected | | |
Additional information
Weakness: CWE-90
https://bugzilla.redhat.com/show_bug.cgi?id=2150871 camel-ldap: LDAP Injection on camel-ldap component when using the filter option
Related vulnerabilities
nvd
about 3 years ago
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS3: 9.8
github
about 3 years ago
camel-ldap component allows LDAP Injection when using the filter option