GHSA-w66j-xc7r-m2jv

Source
https://github.com/advisories/GHSA-w66j-xc7r-m2jv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-w66j-xc7r-m2jv/GHSA-w66j-xc7r-m2jv.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-w66j-xc7r-m2jv
Aliases
Published
2022-12-05T15:30:28Z
Modified
2023-11-01T05:00:20.349883Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
camel-ldap component allows LDAP Injection when using the filter option
Details

The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.

Database specific
{
    "nvd_published_at": "2022-12-05T14:15:00Z",
    "github_reviewed_at": "2022-12-05T23:33:29Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-90"
    ]
}
References

Affected packages

Maven / org.apache.camel:camel-ldap

Package

Name
org.apache.camel:camel-ldap
Purl
pkg:maven/org.apache.camel/camel-ldap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.14.6

Affected versions

1.*

1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4

2.*

2.0-M1
2.0-M2
2.0-M3
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.9.0-RC1
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.14.0
2.14.1
2.14.2
2.14.3
2.14.4
2.15.0
2.15.1
2.15.2
2.15.3
2.15.4
2.15.5
2.15.6
2.16.0
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.17.0
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.17.6
2.17.7
2.18.0
2.18.1
2.18.2
2.18.3
2.18.4
2.18.5
2.19.0
2.19.1
2.19.2
2.19.3
2.19.4
2.19.5
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.21.0
2.21.1
2.21.2
2.21.3
2.21.4
2.21.5
2.22.0
2.22.1
2.22.2
2.22.3
2.22.4
2.22.5
2.23.0
2.23.1
2.23.2
2.23.3
2.23.4
2.24.0
2.24.1
2.24.2
2.24.3
2.25.0
2.25.1
2.25.2
2.25.3
2.25.4

3.*

3.0.0-M1
3.0.0-M2
3.0.0-M3
3.0.0-M4
3.0.0-RC1
3.0.0-RC2
3.0.0-RC3
3.0.0
3.0.1
3.1.0
3.2.0
3.3.0
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.5.0
3.6.0
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7
3.8.0
3.9.0
3.10.0
3.11.0
3.11.1
3.11.3
3.11.4
3.11.5
3.11.6
3.11.7
3.12.0
3.13.0
3.14.0
3.14.1
3.14.2
3.14.3
3.14.4
3.14.5

Maven / org.apache.camel:camel-ldap

Package

Name
org.apache.camel:camel-ldap
Purl
pkg:maven/org.apache.camel/camel-ldap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.15.0
Fixed
3.18.4

Affected versions

3.*

3.15.0
3.16.0
3.17.0
3.18.0
3.18.1
3.18.2
3.18.3