CVE-2024-22369

Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f	Vendor Advisory
https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:camel::::::::
	cpe:2.3:a:apache:camel::::::::
	cpe:2.3:a:apache:camel::::::::
	cpe:2.3:a:apache:camel:3.22.0:::::::*

History

02 Apr 2025, 20:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:apache:camel:::::::: cpe:2.3:a:apache:camel:3.22.0:::::::*
First Time		Apache Apache camel
References	~~() https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f -~~	() https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f - Vendor Advisory

21 Nov 2024, 08:56

Type	Values Removed	Values Added
References	~~() https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f -~~	() https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f -

05 Nov 2024, 20:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

20 Feb 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-20 15:15

Updated : 2025-04-02 20:17

NVD link : CVE-2024-22369

Mitre link : CVE-2024-22369

CVE.ORG link : CVE-2024-22369

JSON object : View

Products Affected

apache

camel

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-22369", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-20T15:15:10.113", "references": [{"url": "https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-502"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.\n\nUsers are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1\n\n"}, {"lang": "es", "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en el componente SQL de Apache Camel. Este problema afecta a Apache Camel: desde 3.0.0 antes de 3.21.4, desde 3.22.0 antes de 3.22.1, desde 4.0.0 antes de 4.0.4, desde 4.1.0 antes de 4.4.0 . Se recomienda a los usuarios actualizar a la versi\u00f3n 4.4.0, que soluciona el problema. Si los usuarios est\u00e1n en el flujo de versiones 4.0.x LTS, se les sugiere actualizar a 4.0.4. Si los usuarios est\u00e1n en 3.x, se les sugiere pasar a 3.21.4 o 3.22.1"}], "lastModified": "2025-04-02T20:17:04.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538BED08-EC3A-4994-AD1C-2E55AF256D72", "versionEndExcluding": "3.21.4", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4586598-5DAA-44D5-BAD8-30B600109792", "versionEndExcluding": "4.0.4", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27A2B9B3-E722-442D-81B4-F2DE97C328FB", "versionEndExcluding": "4.4.0", "versionStartIncluding": "4.1.0"}, {"criteria": "cpe:2.3:a:apache:camel:3.22.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA31037D-507A-42D5-97BE-E57A85C9FF4F"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}