CVE-2024-22371
Last modified
CVE-2024-22371 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. . EPSS estimates a 0.69% chance of exploitation in the next 30 days.
Description
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Camel | >= 3.0.0, < 3.21.4 |
| Apache | Camel | >= 4.0.0, < 4.0.4 |
| Apache | Camel | >= 4.1.0, < 4.4.0 |
| Apache | Camel | 3.22.0 |
References
- https://camel.apache.org/security/CVE-2024-22371.htmlVendor Advisory
- https://camel.apache.org/security/CVE-2024-22371.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-22371?
How severe is CVE-2024-22371?
How do I fix CVE-2024-22371?
Are you affected by CVE-2024-22371?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST