Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-22369— Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository

EPSS 4.75% · P90
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-22369

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository
Source: NVD (National Vulnerability Database)
Vulnerability Description
Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Camel 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Camel是美国阿帕奇(Apache)基金会的一套开源的基于Enterprise Integration Pattern(企业整合模式,简称EIP)的集成框架。该框架提供企业集成模式的Java对象(POJO)的实现,且通过应用程序接口来配置路由和中介的规则。 Apache Camel存在代码问题漏洞,该漏洞源于存在不受信任数据反序列化漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache Camel 3.0.0 ~ 3.21.4 -

II. Public POCs for CVE-2024-22369

#POC DescriptionSource LinkShenlong Link
1CVE-2024-22369 Reproducerhttps://github.com/oscerd/CVE-2024-22369POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-22369

登录查看更多情报信息。

Same Patch Batch · Apache Software Foundation · 2024-02-20 · 7 CVEs total

CVE-2023-49109Remote Code Execution in Apache Dolphinscheduler
CVE-2023-49250Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil
CVE-2023-50270Apache DolphinScheduler: Session do not expire after password change
CVE-2023-51770Apache DolphinScheduler: Arbitrary File Read Vulnerability
CVE-2024-23114Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepositor
CVE-2024-25141Apache Airflow Mongo Provider: Certificate validation isn't respected even if SSL is enabl

IV. Related Vulnerabilities

Same product: Apache Camel
Same vendor: Apache Software Foundation
Same weakness: CWE-502

V. Comments for CVE-2024-22369

No comments yet

Leave a comment