Apache · Apache Camel · CVE-2024-23114
Name of the Vulnerable Software and Affected Versions:
Apache Camel versions 3.0.0 through 3.21.3
Apache Camel version 3.22.0
Apache Camel versions 4.0.0 through 4.0.3
Apache Camel versions 4.1.0 through 4.3.x
Description:
The AggregationRepository of the Apache Camel CassandraQL component deserializes untrusted data unsafely. Under specific conditions, a malicious serialized payload can be deserialized, potentially allowing a remote attacker to execute arbitrary code.
Recommendations:
For Apache Camel versions 3.0.0 through 3.21.3, upgrade to version 3.21.4.
For Apache Camel version 3.22.0, upgrade to version 3.22.1.
For Apache Camel versions 4.0.0 through 4.0.3, upgrade to version 4.0.4.
For Apache Camel versions 4.1.0 through 4.3.x, upgrade to version 4.4.0.