CVE-2022-45046: Apache Camel Security Advisory - CVE-2022-45046

The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.


Severity: MEDIUM

Summary: LDAP Injection in camel-ldap

Versions affected: 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.

Versions fixed: 3.14.6, 3.18.4

Description: LDAP Injection on camel-ldap component when using the filter option.

Notes:

The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-186906 refers to the various commits that resolved the issue, and has more details. The camel-spring-ldap component is not affected. Users could move to the Camel-Spring-Ldap component.

Mitigation: Users should upgrade to 3.14.6 or 3.18.4

Credit: This issue was discovered by 4ra1n from Chaitin Tech

References:

PGP signed advisory data: CVE-2022-45046.txt.asc

Mitre CVE Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45046
