CVE-2024-22369

HIGH

Apache Camel <4.4.0 - Deserialization

Title source: llm

Description

Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

Exploits (1)

nomisec WORKING POC 4 stars

by oscerd · poc

https://github.com/oscerd/CVE-2024-22369

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f

Scores

CVSS v3 7.8

EPSS 0.0475

EPSS Percentile 89.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-502

Status published

Products (3)

apache/camel 3.22.0

apache/camel 3.0.0 - 3.21.4

org.apache.camel/camel-sql 3.0.0 - 3.21.4Maven

Published Feb 20, 2024

Tracked Since Feb 18, 2026