7 matches found
Insecure Deserialisation
org.apache.camel:camel-sql is vulnerable to Insecure Deserialisation. The vulnerability is due to insufficient validation of serialized objects, which can be exploited by attackers to execute arbitrary code...
org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=1.0.0 <=3.21.0), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=1.0.0 <=3.21.0) +29 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=3.0.0 <=3.21.3)
org.apache.camel:camel-sql MAVEN version =3.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.18.1, =3.18.1, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =3.21.0...
org.apache.camel.kafkaconnector:camel-aws-redshift-sink-kafka-connector (>=4.0.0 <=4.0.3), org.apache.camel.kafkaconnector:camel-aws-redshift-source-kafka-connector (>=4.0.0 <=4.0.3) +17 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.0.0 <=4.0.3)
org.apache.camel:camel-sql MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =3.2.0, =3.4.0 - org.apache.camel.quar...
org.apache.camel.springboot:camel-sql-starter (=3.22.0) potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (=3.22.0)
org.apache.camel:camel-sql MAVEN version =3.22.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-sql and may be impacted: org.apache.camel.springboot:camel-sql-starter =3.22.0. Source CVEs: CVE-2024-22369. Source advisory:...
GHSA-36XR-4X2F-CFJ9 Deserialization of Untrusted Data in Apache Camel SQL
Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users...
org.apache.camel.quarkus:camel-quarkus-integration-test-jta (>=3.5.0 <=3.35.0), org.apache.camel.quarkus:camel-quarkus-integration-test-langchain4j-tools (=3.35.0) +8 more potentially affected by CVE-2024-22369 via org.apache.camel:camel-sql (>=4.1.0 <=4.3.0)
org.apache.camel:camel-sql MAVEN version =4.1.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =4.1.0, =9.1.0, =9.1.0, =9.1.0, =10.0.0. Source CVEs: CVE-2024-22369. Source advisory: OSV:GHSA-36XR-4X2F-CFJ9...
PT-2024-1815 · Apache · Apache Camel
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 3.0.0 through 3.21.3; Apache Camel versions 3.22.0; Apache Camel versions 4.0.0 through 4.0.3; Apache Camel versions 4.1.0 through 4.3.x. Description: The issue is related to the deserialization of untrusted data in the Apac...