CVE-2022-45046
camel-ldap component allows LDAP Injection when using the filter option
CVSS 3.1: 9.8 (CRITICAL)
Description
The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.
How to fix CVE-2022-45046
To remediate CVE-2022-45046, upgrade the affected package to a fixed version below.
- Maven/org.apache.camel:camel-ldap (upgrade to 3.14.6 or later)
Is CVE-2022-45046 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2022-45046.
Affected packages (1)
- Maven/org.apache.camel:camel-ldap, from 0, < 3.14.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |