Lucene search
HistoryFeb 20, 2024 - 3:15 p.m.
CVE-2024-23114
deserialization vulnerability
apache camel
cassandraql component
aggregationrepository
unsafe deserialization
cve-2024-23114
upgrade
specific conditions
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.
Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
Related
redhatcve
redhatcve
CVE-2024-23114
2024-02-20 05:19:43
prion
prion
Deserialization of untrusted data
2024-02-20 15:15:00
osv
osv
Deserialization of Untrusted Data in Apache Camel CassandraQL
2024-02-20 15:31:06
cvelist
cvelist
github
github
Deserialization of Untrusted Data in Apache Camel CassandraQL
2024-02-20 15:31:06
veracode
veracode
Insecure Deserialization
2024-02-21 11:26:06
cve
cve
CVE-2024-23114
2024-02-20 15:15:10
ibm
ibm