Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.
Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache camel |
|
CPEs | cpe:2.3:a:apache:camel:3.0.0:-:*:*:*:*:*:* cpe:2.3:a:apache:camel:3.22.0:*:*:*:*:*:*:* cpe:2.3:a:apache:camel:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:apache:camel:4.1.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Apache
Apache camel |
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-02-20T14:58:36.291Z
Updated: 2024-11-05T19:47:09.797Z
Reserved: 2024-01-09T09:46:19.456Z
Link: CVE-2024-22369
Vulnrichment
Updated: 2024-08-01T22:43:34.477Z
NVD
Status : Awaiting Analysis
Published: 2024-02-20T15:15:10.113
Modified: 2024-11-21T08:56:08.217
Link: CVE-2024-22369
Redhat