Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-23114

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

Published

2024-02-20T15:15:10.333

Last Modified

2025-04-02T20:19:16.420

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	camel	< 3.21.4	Yes
Application	apache	camel	< 4.0.4	Yes
Application	apache	camel	< 4.4.0	Yes
Application	apache	camel	3.22.0	Yes

References

https://camel.apache.org/security/CVE-2024-23114.html Vendor Advisory ([email protected])
https://camel.apache.org/security/CVE-2024-23114.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)