Apache Camel security advisory: CVE-2022-45046
Severity
MEDIUMSummary
LDAP Injection in camel-ldapVersions affected
3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.Versions fixed
3.14.6, 3.18.4Description
LDAP Injection on camel-ldap component when using the filter option.Notes
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-186906 refers to the various commits that resovoled the issue, and have more details. The camel-spring-ldap component is not affected. Users could use move to the Camel-Spring-Ldap component.
The security vulnerability after further analysis is a false alarm (no security risk) and this CVE is retracted.
Mitigation
Users should upgrade to 3.14.6 or 3.18.4Credit
This issue was discovered by 4ra1n from Chaitin TechReferences
- PGP signed advisory data: CVE-2022-45046.txt.asc
- Mitre CVE Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45046