Home > Vulnerability Database > CVE-2024-22371

Mend.io Vulnerability Database

CVE-2024-22371

Good to know:

Date: February 26, 2024

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

Language: Java

Severity Score

2.9

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22371

Url: https://github.com/apache/camel

Url: https://camel.apache.org/security/CVE-2024-22371.html

Url: https://issues.apache.org/jira/browse/CAMEL-20305

Url: https://www.mend.io/vulnerability-database/CVE-2024-22371

Severity Score

2.9

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insecure Storage of Sensitive Information

CWE-922

Top Fix

Upgrade Version

Upgrade to version org.apache.camel:camel-core:3.21.4,3.22.1,4.0.4,4.4.0, org.apache.camel:camel-base:3.21.4,3.22.1,4.0.4,4.4.0, org.apache.camel:camel-support:3.21.4,3.22.1,4.0.4,4.4.0

Learn More

CVSS v3.1

Base Score:	2.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22371

Good to know:

Date: February 26, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?