CVE-2024-22371 – org.apache.camel:camel-core
Package
Manager: maven
Name: org.apache.camel:camel-core
Vulnerable Version: >=3.0.0 <3.21.4 || =3.22.0 || >=3.22.0 <3.22.1 || >=4.0.0 <4.0.4 || >=4.1.0 <4.4.0
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00435 (percentile 0.62014)
Details
Apache Camel data exposure vulnerability. Sensitive data can be exposed in Apache Camel by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. This issue affects Apache Camel: from 3.0.0 through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
Metadata
Created: 2024-02-26T18:30:30Z
Modified: 2024-10-31T16:57:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-qpxm-689r-3849/GHSA-qpxm-689r-3849.json
CWE IDs: ["CWE-200", "CWE-922"]
Alternative ID: GHSA-qpxm-689r-3849
Finding: F038
Auto approve: 1