Description
Cypher Injection vulnerability in Apache Camel camel-neo4j component.
This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0.
Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS, 4.14.3 for 4.14.x LTS, or 4.17.0.
A flaw was found in the Apache Camel camel-neo4j component. A remote attacker can exploit this Cypher Injection vulnerability to perform unauthorized data modification or execute arbitrary database queries. This could lead to a compromise of data integrity within the Neo4j database.
Report
This vulnerability is rated Moderate for Red Hat as it affects the camel-neo4j component in Red Hat build of Apache Camel. A Cypher injection flaw could allow an attacker to execute arbitrary Cypher queries, potentially leading to unauthorized data manipulation or disclosure within the Neo4j database connected via the component.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat build of Apache Camel for Spring Boot 4 | camel-neo4j | Fix deferred | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0. Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
Apache Camel camel-neo4j component is vulnerable to cypher injection
5.3 Medium
CVSS3