PT-2024-1815 · Apache · Apache Camel
Haoran Zhi +2 · Published 2024-02-19 · Updated 2026-04-27
CVE-2024-22369
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache Camel versions 3.0.0 through 3.21.3
Apache Camel version 3.22.0
Apache Camel versions 4.0.0 through 4.0.3
Apache Camel versions 4.1.0 through 4.3.x
Description
The issue is related to the deserialization of untrusted data in the Apache Camel SQL Component, which can allow a remote attacker to execute arbitrary code.
Recommendations
Upgrade to version 4.4.0 to fix the issue.
If on the 4.0.x LTS release stream, upgrade to 4.0.4.
If on 3.x, move to 3.21.4 or 3.22.1.
Exploit
Fix
Deserialization of Untrusted Data
Affected Products
Apache Camel