exploitDog
CVE-2024-22369

Published: 19 Feb 2024
Source: redhat
CVSS3: 7.8

Description

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1.

A deserialization of untrusted data flaw was found in Apache Camel SQL Component JDBCAggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat build of Apache Camel 4 for Quarkus 3 | org.apache.camel-camel-sql | Not affected | | 
Red Hat build of Apache Camel for Spring Boot 3 | org.apache.camel-camel-sql | Not affected | | 
Red Hat build of Apache Camel for Spring Boot 4 | org.apache.camel-camel-sql | Not affected | | 
Red Hat Fuse 7 | org.apache.camel-camel-sql | Not affected | | 
Red Hat Integration Camel K 1 | org.apache.camel-camel-sql | Not affected | | 
Red Hat Integration Camel Quarkus 2 | org.apache.camel-camel-sql | Not affected | | 
Red Hat Process Automation 7 | org.apache.camel-camel-sql | Not affected | | 

Additional information

Status: Important
Defect: CWE-502
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2265057
Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 7.8
nvd
almost 2 years ago

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1.

CVSS3: 7.8
github
almost 2 years ago

Deserialization of Untrusted Data in Apache Camel SQL

CVSS3: 9.8
fstec
almost 2 years ago

Vulnerability in the SQL component of the Apache Camel Java framework that allows an attacker to execute arbitrary code