Bug 2265057 (CVE-2024-22369) - CVE-2024-22369 Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository
Summary: CVE-2024-22369 Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggre...
Keywords:
Status: NEW
Alias: CVE-2024-22369
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2265055
TreeView+ depends on / blocked
 
Reported: 2024-02-20 05:18 UTC by Avinash Hanwate
Modified: 2025-03-04 08:28 UTC (History)
21 users (show)

Fixed In Version: Apache Camel 3.21.4, Apache Camel 3.22.1, Apache Camel 4.0.4, Apache Camel 4.4.0
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Avinash Hanwate 2024-02-20 05:18:59 UTC 
Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, and from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

This issue is being tracked as CAMEL-20303.

https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-22369
https://issues.apache.org/jira/browse/CAMEL-20303
Note You need to log in before you can comment on or make changes to this bug.