CVE-2024-22369

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22369
Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f Vendor Advisory
https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.22.0:*:*:*:*:*:*:*
History

02 Apr 2025, 20:17

Type Values Removed Values Added
First Time Apache camel
Apache
CPE cpe:2.3:a:apache:camel:3.22.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
References () https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f - () https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f - Vendor Advisory

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f - () https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f -

05 Nov 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
Summary
  • (es) Vulnerabilidad de deserialización de datos no confiables en el componente SQL de Apache Camel. Este problema afecta a Apache Camel: desde 3.0.0 antes de 3.21.4, desde 3.22.0 antes de 3.22.1, desde 4.0.0 antes de 4.0.4, desde 4.1.0 antes de 4.4.0 . Se recomienda a los usuarios actualizar a la versión 4.4.0, que soluciona el problema. Si los usuarios están en el flujo de versiones 4.0.x LTS, se les sugiere actualizar a 4.0.4. Si los usuarios están en 3.x, se les sugiere pasar a 3.21.4 o 3.22.1

20 Feb 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-20 15:15

Updated : 2025-04-02 20:17

NVD link : CVE-2024-22369

Mitre link : CVE-2024-22369

CVE.ORG link : CVE-2024-22369

JSON object : View

Products Affected

apache

  • camel
CWE
CWE-502

Deserialization of Untrusted Data