Bug 2265053 (CVE-2024-23114)
Summary: | CVE-2024-23114 Apache Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aileenc, chazlett, cmiranda, fmariani, fmongiar, gmalinko, janstey, jnethert, jpoth, pcongius, pdelbell, pjindal, tcunning, yfang |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Apache Camel 3.21.4, Apache Camel 3.22.1, Apache Camel 4.0.4, Apache Camel 4.4.0 | Doc Type: | --- |
Doc Text: | A deserialization of untrusted data flaw was found in the Apache Camel CassandraQL Component AggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload. |
Bug Blocks: | 2265055 |
Description
Avinash Hanwate
2024-02-20 05:05:05 UTC
This issue has been addressed in the following products:

RHINT Camel-K 1.10.8

Via RHSA-2024:8339 https://access.redhat.com/errata/RHSA-2024:8339