Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-22371. PoCs published by vishalborkar7.
AI-analyzed exploit summary
This repository contains a functional PoC for CVE-2024-22371, demonstrating an information leakage vulnerability in Apache Camel where sensitive data in Exchange objects is exposed via toString() methods. The test cases simulate the vulnerability by injecting sensitive data and confirming its exposure.
Description
Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fix the issue.
References (1)
Scores
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N