CVE-2024-22371: Apache Camel data exposure vulnerability

February 26, 2024 (updated October 31, 2024)

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.0.0 through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.

Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

References

camel.apache.org/security/CVE-2024-22371.html
github.com/advisories/GHSA-qpxm-689r-3849
github.com/apache/camel
issues.apache.org/jira/browse/CAMEL-20305
nvd.nist.gov/vuln/detail/CVE-2024-22371

Code Behaviors & Features

Detect and mitigate CVE-2024-22371 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →