Deserialization of Untrusted Data vulnerability
CVE-2024-22369

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Camel
Vendor: CVE Published:; 20 February 2024

Summary

Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

Affected Version(s)

Apache Camel 3.0.0 < 3.21.4

Apache Camel 3.22.0 < 3.22.1

Apache Camel 4.0.0 < 4.0.4

References

https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp...

vendor-advisory

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Jan 9, 2024

Credit

Ziyang Chen from HuaWei Open Source Management Center

Pingtao Wei from HuaWei Open Source Management Center

Haoran Zhi from HuaWei Open Source Management Center