16 matches found
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.8 release and security update.
Red Hat Integration Camel K 1.10.8 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository
A deserialization of untrusted data flaw was found in the Apache Camel CassandraQL Component AggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload...
Vulnerability in the CassandraQL component of the Java framework Apache Camel that allows an attacker to execute arbitrary code
The vulnerability of the CassandraQL component of the Java framework Apache Camel is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
Insecure Deserialization
org.apache.camel:camel-cassandraql is vulnerable to Insecure Deserialization. The vulnerability is due to insufficient validation of serialized objects, which can be exploited by attackers to execute arbitrary code...
org.apache.camel.quarkus:camel-quarkus-cassandraql (>=3.5.0 <=3.36.0), org.apache.camel.quarkus:camel-quarkus-cassandraql-deployment (>=3.5.0 <=3.36.0) +2 more potentially affected by CVE-2024-23114 via org.apache.camel:camel-cassandraql (>=4.1.0 <=4.3.0)
org.apache.camel:camel-cassandraql MAVEN version =4.1.0, =3.5.0, =3.5.0, =3.5.0, =4.1.0, =4.20.0 Source cves: CVE-2024-23114 Source advisory: OSV:GHSA-M43P-55RF-8C2J...
com.scoperetail.fusion:fusion-connect (>=0.46 <=0.79), com.scoperetail.fusion:fusion-connect-core (>=0.3 <=0.58) +11 more potentially affected by CVE-2024-23114 via org.apache.camel:camel-cassandraql (>=3.0.0 <=3.21.3)
org.apache.camel:camel-cassandraql MAVEN version =3.0.0, =0.46, =0.3, =0.5, =1.0.0, =1.0.0, =0.1.0, =0.10.1, =1.0.0-M6, =1.0.0-M6, =2.0.0, =3.0.0, =3.21.3 Source cves: CVE-2024-23114 Source advisory: OSV:GHSA-M43P-55RF-8C2J...
Deserialization of Untrusted Data in Apache Camel CassandraQL
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22...
org.apache.camel.springboot:camel-cassandraql-starter (=3.22.0) potentially affected by CVE-2024-23114 via org.apache.camel:camel-cassandraql (=3.22.0)
org.apache.camel:camel-cassandraql MAVEN version =3.22.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-cassandraql and may be impacted: - org.apache.camel.springboot:camel-cassandraql-starter =3.22.0 Source cves: CVE-2024-23114...
GHSA-M43P-55RF-8C2J Deserialization of Untrusted Data in Apache Camel CassandraQL
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22...
CVE-2024-23114
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22...
CVE-2024-23114 Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22...
CVE-2024-23114 Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22...
CVE-2024-23114
CVE-2024-23114 affects the Apache Camel CassandraQL component’s AggregationRepository, where unsafe deserialization exposes a path to remote code execution under certain conditions. The connected advisories confirm the issue and list affected series: Camel 3.x (3.0.0–3.21.4, and 3.2...
CVE-2024-23114
A deserialization of untrusted data flaw was found in the Apache Camel CassandraQL Component AggregationRepository. The affected versions of Apache Camel are vulnerable to unsafe deserialization, where, under specific conditions, it is possible to deserialize a malicious payload...
PT-2024-3886 · Apache · Apache Camel
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 3.0.0 through 3.21.3; Apache Camel versions 3.22.0 through 3.22.0; Apache Camel versions 4.0.0 through 4.0.3; Apache Camel versions 4.1.0 through 4.3.x. Description: The issue is related to the deserialization of untrusted...