CVE-2024-22369

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-22369

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22369.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-22369

Aliases

GHSA-36xr-4x2f-cfj9

Published

2024-02-20T15:15:10.113Z

Modified

2026-02-11T13:41:07.686057Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

References

https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f

Affected packages

Git / github.com/apache/camel

Affected ranges

Type: GIT
Repo: https://github.com/apache/camel
Events: Introduced

363e7e1c93f61e23cdae808f2180908169c78f6e

Fixed

aab0e881d960959cce968804cc269fa38dd1aae5

Introduced

8d135894cd73970c82da5da0dc71ecc7f5521ad5

Fixed

344cacf9ea0afec8639e901868202767d2b66ce3

Introduced

ac11f88de7594232c3c28532a19377764665ce13

Fixed

63dc3d2bbfc14abce85fedee71499a45d746d661

Affected versions

camel-3.*

camel-3.0.0

camel-3.21.0

camel-3.21.1

camel-3.21.2

camel-3.21.3

camel-4.*

camel-4.0.0

camel-4.0.0-M1

camel-4.0.0-M2

camel-4.0.0-M3

camel-4.0.0-RC1

camel-4.0.0-RC2

camel-4.0.1

camel-4.0.2

camel-4.0.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22369.json"