CVE-2024-22371

Summary

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.

Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Camel1.x <= 1.6.0unaffected
Apache Software FoundationApache Camel3.21.x <= 3.21.3affected
Apache Software FoundationApache Camel3.22.x <= 3.22.0affected
Apache Software FoundationApache Camel4.0.x <= 4.0.3affected
Apache Software FoundationApache Camel4.x <= 4.3.0affected

Weaknesses

  • Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References