Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22369

Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

Published

2024-02-20T15:15:10.113

Last Modified

2025-04-02T20:17:04.160

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-502
Type: Secondary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	camel	< 3.21.4	Yes
Application	apache	camel	< 4.0.4	Yes
Application	apache	camel	< 4.4.0	Yes
Application	apache	camel	3.22.0	Yes

References

https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f Vendor Advisory ([email protected])
https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)