CVE-2022-45046: camel-ldap component allows LDAP Injection when using the filter option

December 5, 2022

The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.

References

www.openwall.com/lists/oss-security/2022/12/05/2
camel.apache.org/security/CVE-2022-45046.html
github.com/advisories/GHSA-w66j-xc7r-m2jv
nvd.nist.gov/vuln/detail/CVE-2022-45046

Detect and mitigate CVE-2022-45046 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →