Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tNDNwLTU1cmYtOGMyas4AA5ZF
Deserialization of Untrusted Data in Apache Camel CassandraQL
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.
Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
Permalink: https://github.com/advisories/GHSA-m43p-55rf-8c2jJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNDNwLTU1cmYtOGMyas4AA5ZF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 2 months ago
Updated: 2 months ago
Identifiers: GHSA-m43p-55rf-8c2j, CVE-2024-23114
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-23114
- https://camel.apache.org/security/CVE-2024-23114.html
- https://issues.apache.org/jira/browse/CAMEL-20306
- https://github.com/apache/camel/pull/12759
- https://github.com/apache/camel/pull/12760
- https://github.com/apache/camel/pull/12761
- https://github.com/apache/camel/pull/12762
- https://github.com/apache/camel/pull/12790
- https://github.com/Croway/potential-cassandra
- https://github.com/advisories/GHSA-m43p-55rf-8c2j
Blast Radius: 0.0
Affected Packages
maven:org.apache.camel:camel-cassandraql
Dependent packages: 33Dependent repositories: 167
Downloads:
Affected Version Ranges: >= 4.1.0, < 4.4.0, >= 4.0.0, < 4.0.4, >= 3.22.0, < 3.22.1, >= 3.0.0, < 3.21.4
Fixed in: 4.4.0, 4.0.4, 3.22.1, 3.21.4
All affected versions: 3.0.0, 3.0.1, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.5.0, 3.6.0, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.7.7, 3.8.0, 3.9.0, 3.10.0, 3.11.0, 3.11.1, 3.11.2, 3.11.3, 3.11.4, 3.11.5, 3.11.6, 3.11.7, 3.12.0, 3.13.0, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.14.5, 3.14.6, 3.14.7, 3.14.8, 3.14.9, 3.14.10, 3.15.0, 3.16.0, 3.17.0, 3.18.0, 3.18.1, 3.18.2, 3.18.3, 3.18.4, 3.18.5, 3.18.6, 3.18.7, 3.18.8, 3.19.0, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.20.4, 3.20.5, 3.20.6, 3.20.7, 3.20.8, 3.20.9, 3.21.0, 3.21.1, 3.21.2, 3.21.3, 3.22.0, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.2.0, 4.3.0
All unaffected versions: 2.15.0, 2.15.1, 2.15.2, 2.15.3, 2.15.4, 2.15.5, 2.15.6, 2.16.0, 2.16.1, 2.16.2, 2.16.3, 2.16.4, 2.16.5, 2.17.0, 2.17.1, 2.17.2, 2.17.3, 2.17.4, 2.17.5, 2.17.6, 2.17.7, 2.18.0, 2.18.1, 2.18.2, 2.18.3, 2.18.4, 2.18.5, 2.19.0, 2.19.1, 2.19.2, 2.19.3, 2.19.4, 2.19.5, 2.20.0, 2.20.1, 2.20.2, 2.20.3, 2.20.4, 2.21.0, 2.21.1, 2.21.2, 2.21.3, 2.21.4, 2.21.5, 2.22.0, 2.22.1, 2.22.2, 2.22.3, 2.22.4, 2.22.5, 2.23.0, 2.23.1, 2.23.2, 2.23.3, 2.23.4, 2.24.0, 2.24.1, 2.24.2, 2.24.3, 2.25.0, 2.25.1, 2.25.2, 2.25.3, 2.25.4, 3.21.4, 3.22.1, 4.0.4, 4.4.0, 4.4.1, 4.5.0