First published: Mon Feb 26 2024(Updated: )
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.0.0 through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.apache.camel:camel-core | >=3.0.0<3.21.4 | 3.21.4 |
maven/org.apache.camel:camel-core | >=4.1.0<4.4.0 | 4.4.0 |
maven/org.apache.camel:camel-core | >=4.0.0<4.0.4 | 4.0.4 |
maven/org.apache.camel:camel-core | =3.22.0 | 3.22.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.