CVE-2024-22371

LOW2.9EPSS 0.85%

Apache Camel data exposure vulnerability

發布日:2024/2/26修改日:2024/10/31

描述

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.0.0 through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

受影響套件(1)

Maven/org.apache.camel:camel-core>= 3.0.0, < 3.21.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	LOW2.9	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-22371
PATCHhttps://github.com/apache/camel
WEBhttps://camel.apache.org/security/CVE-2024-22371.html
WEBhttps://issues.apache.org/jira/browse/CAMEL-20305