Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <bfaa14be-f27b-e2df-da57-eb402f8a2c5d@apache.org>
Date: Fri, 23 Feb 2024 19:34:19 +0000
From: Otavio Rodolfo Piske <orpiske@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2024-22371: Apache Camel issue on ExchangeCreatedEvent 

Affected versions:

- Apache Camel 1.x through 1.6.0 unaffected
- Apache Camel 3.21.x through 3.21.3
- Apache Camel 3.22.x through 3.22.0
- Apache Camel 4.0.x through 4.0.3
- Apache Camel 4.x through 4.3.0

Description:

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.

Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

This issue is being tracked as CAMEL-20305 

Credit:

Otavio Rodolfo Piske from the Apache Software Foundation (finder)

References:

https://camel.apache.org/security/CVE-2024-22371.html
https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-22371
https://issues.apache.org/jira/browse/CAMEL-20305

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.