6 matches found
CVE-2022-45046
This flaw targets the camel-ldap package. According to the maintainers, this CVE should be retracted soon. Mitigation: Maintainers have added a documentation detail regarding LDAP Injection in the Camel LDAP component. Please check the link for more information...
LDAP Injection
Camel LDAP is vulnerable to LDAP injection. The vulnerability is in the process function in LdapProducer.java: when the filter options are used, an attacker can inject and execute LDAP queries into the system...
org.apache.camel.quarkus:camel-quarkus-integration-test-ldap (>=2.8.0 <=2.13.2), org.apache.camel.quarkus:camel-quarkus-ldap (>=2.8.0 <=2.13.2) +2 more potentially affected by CVE-2022-45046 via org.apache.camel:camel-ldap (>=3.15.0 <=3.18.3)
org.apache.camel:camel-ldap MAVEN version =3.15.0, =2.8.0, =2.8.0, =2.8.0, =3.15.0, =3.18.3 Source cves: CVE-2022-45046 Source advisory: OSV:GHSA-W66J-XC7R-M2JV...
GHSA-W66J-XC7R-M2JV camel-ldap component allows LDAP Injection when using the filter option
The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component which is not affected or upgrade to 3.14.6 or 3.18.4...
io.fabric8.funktion.connector:connector-ldap (>=1.1.9 <=1.1.55), org.apache.camel.kafkaconnector:camel-ldap-kafka-connector (>=0.10.1 <=0.11.5) +10 more potentially affected by CVE-2022-45046 via org.apache.camel:camel-ldap (>=2.13.4 <=3.14.5)
org.apache.camel:camel-ldap MAVEN version =2.13.4, =1.1.9, =0.10.1, =2.3.0, =2.0.0, =2.0.0, =2.0.0, =3.0.0, =2.18.0, =4.4.354, =4.4.366 - org.wildfly.camel:wildfly-camel-itests-camel =11.0.0 - uk.nhs.ciao:ciao-spine-sds =0.1 - uk.nhs.ciao:ciao-transport-spine =0.1 Source cves: CVE-2022-45046 Sour...
PT-2022-27391 · Apache · Camel-Ldap
Name of the Vulnerable Software and Affected Versions:
camel-ldap versions prior to 3.14.6
camel-ldap versions prior to 3.18.4
Description: The camel-ldap component is affected by an LDAP Injection issue when using the filter option. This allows for potential security breaches. Users are advised ...