Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.
Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
Metrics
Affected Vendors & Products
References
History
Wed, 23 Oct 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat camel K |
|
CPEs | cpe:/a:redhat:camel_k:1.10.8 | |
Vendors & Products |
Redhat
Redhat camel K |
Wed, 28 Aug 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-02-20T14:59:38.326Z
Updated: 2024-08-28T19:49:48.296Z
Reserved: 2024-01-11T17:22:53.091Z
Link: CVE-2024-23114
Vulnrichment
Updated: 2024-08-01T22:51:11.265Z
NVD
Status : Awaiting Analysis
Published: 2024-02-20T15:15:10.333
Modified: 2024-11-21T08:56:57.690
Link: CVE-2024-23114
Redhat