Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.
Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
github.com/advisories/GHSA-36xr-4x2f-cfj9
github.com/apache/camel/pull/12706
github.com/apache/camel/pull/12707
github.com/apache/camel/pull/12708
github.com/apache/camel/pull/12709
github.com/apache/camel/pull/12716
github.com/apache/camel/pull/12717
github.com/apache/camel/pull/12718
github.com/apache/camel/pull/12719
github.com/apache/camel/pull/12789
github.com/oscerd/CVE-2024-22369
issues.apache.org/jira/browse/CAMEL-20303
lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f
nvd.nist.gov/vuln/detail/CVE-2024-22369