Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
History

Tue, 05 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache camel
CPEs cpe:2.3:a:apache:camel:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.22.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:4.1.0:*:*:*:*:*:*:*
Vendors & Products Apache
Apache camel
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-02-20T14:58:36.291Z

Updated: 2024-11-05T19:47:09.797Z

Reserved: 2024-01-09T09:46:19.456Z

Link: CVE-2024-22369

cve-icon Vulnrichment

Updated: 2024-08-01T22:43:34.477Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-20T15:15:10.113

Modified: 2024-11-05T20:35:19.240

Link: CVE-2024-22369

cve-icon Redhat

Severity : Important

Publid Date: 2024-02-19T00:00:00Z

Links: CVE-2024-22369 - Bugzilla