CVSS: 2.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-22371 – Apache Camel issue on ExchangeCreatedEvent
https://notcve.org/view.php?id=CVE-2024-22371
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue. Exposición de datos confidenciales mediante la creación de un EventFactory malicioso y proporcionando un ExchangeCreatedEvent personalizado que expone datos confidenciales. Vulnerabilidad en Apache Camel. Este problema afecta a Apache Camel: desde 3.21.X hasta 3.21.3, desde 3.22.X hasta 3.22.0, desde 4.0.X hasta 4.0.3, desde 4.X hasta 4.3.0. • https://camel.apache.org/security/CVE-2024-22371.html https://access.redhat.com/security/cve/CVE-2024-22371 https://bugzilla.redhat.com/show_bug.cgi?id=2266024 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23114 – Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository
https://notcve.org/view.php?id=CVE-2024-23114
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1 Vulnerabilidad de deserialización de datos no confiables en Apache Camel CassandraQL Component AggregationRepository que es vulnerable a una deserialización insegura. Bajo condiciones específicas, es posible deserializar la carga útil maliciosa. • https://camel.apache.org/security/CVE-2024-23114.html • CWE-502: Deserialization of Untrusted Data •
CVSS: -EPSS: 0%CPEs: 4EXPL: 1CVE-2024-22369 – Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository
https://notcve.org/view.php?id=CVE-2024-22369
Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1 Vulnerabilidad de deserialización de datos no confiables en el componente SQL de Apache Camel. Este problema afecta a Apache Camel: desde 3.0.0 antes de 3.21.4, desde 3.22.0 antes de 3.22.1, desde 4.0.0 antes de 4.0.4, desde 4.1.0 antes de 4.4.0 . Se recomienda a los usuarios actualizar a la versión 4.4.0, que soluciona el problema. • https://github.com/oscerd/CVE-2024-22369 https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 81%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-34442 – Apache Camel JIRA: Temporary file information disclosure in Camel-Jira
https://notcve.org/view.php?id=CVE-2023-34442
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1 • https://lists.apache.org/thread/x4vy2hhbltb1xrvy1g6m8hpjgj2k7wgh • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •