Home > Vulnerability Database > CVE-2024-22371

Mend.io Vulnerability Database

CVE-2024-22371

Good to know:

Date: February 26, 2024

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

Language: Java

Severity Score

2.9

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22371

Url: https://seclists.org/oss-sec/2024/q1/159

Url: https://camel.apache.org/security/CVE-2024-22371.html

Url: https://github.com/apache/camel/commit/11f68102c1d390c5264bc6c49d79059fdbf1cb16

Url: https://www.mend.io/vulnerability-database/CVE-2024-22371

Severity Score

2.9

Top Fix

Upgrade Version

Upgrade to version org.apache.camel:camel-core:3.21.4,3.22.1,4.0.4,4.4.0, org.apache.camel:camel-base:3.21.4,3.22.1,4.0.4,4.4.0, org.apache.camel:camel-support:3.21.4,3.22.1,4.0.4,4.4.0

Learn More

CVSS v3.1

Base Score:	2.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22371

Good to know:

Date: February 26, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?