GHSA-w66j-xc7r-m2jv

Source

https://github.com/advisories/GHSA-w66j-xc7r-m2jv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-w66j-xc7r-m2jv/GHSA-w66j-xc7r-m2jv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w66j-xc7r-m2jv

Aliases

CVE-2022-45046

Published

2022-12-05T15:30:28Z

Modified

2023-11-08T04:10:49.648396Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

camel-ldap component allows LDAP Injection when using the filter option

Details

The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.

Database specific

{
    "nvd_published_at": "2022-12-05T14:15:00Z",
    "github_reviewed_at": "2022-12-05T23:33:29Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-90"
    ]
}

References

Affected packages

Maven / org.apache.camel:camel-ldap

Package

Name: org.apache.camel:camel-ldap; View open source insights on deps.dev
Purl: pkg:maven/org.apache.camel/camel-ldap

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.14.6

Affected versions

1.*

1.5.0

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

2.*

2.0-M1

2.0-M2

2.0-M3

2.0.0

2.1.0

2.2.0

2.3.0

2.4.0

2.5.0

2.6.0

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.7.5

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.9.0-RC1

2.9.0

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.10.6

2.10.7

2.11.0

2.11.1

2.11.2

2.11.3

2.11.4

2.12.0

2.12.1

2.12.2

2.12.3

2.12.4

2.12.5

2.13.0

2.13.1

2.13.2

2.13.3

2.13.4

2.14.0

2.14.1

2.14.2

2.14.3

2.14.4

2.15.0

2.15.1

2.15.2

2.15.3

2.15.4

2.15.5

2.15.6

2.16.0

2.16.1

2.16.2

2.16.3

2.16.4

2.16.5

2.17.0

2.17.1

2.17.2

2.17.3

2.17.4

2.17.5

2.17.6

2.17.7

2.18.0

2.18.1

2.18.2

2.18.3

2.18.4

2.18.5

2.19.0

2.19.1

2.19.2

2.19.3

2.19.4

2.19.5

2.20.0

2.20.1

2.20.2

2.20.3

2.20.4

2.21.0

2.21.1

2.21.2

2.21.3

2.21.4

2.21.5

2.22.0

2.22.1

2.22.2

2.22.3

2.22.4

2.22.5

2.23.0

2.23.1

2.23.2

2.23.3

2.23.4

2.24.0

2.24.1

2.24.2

2.24.3

2.25.0

2.25.1

2.25.2

2.25.3

2.25.4

3.*

3.0.0-M1

3.0.0-M2

3.0.0-M3

3.0.0-M4

3.0.0-RC1

3.0.0-RC2

3.0.0-RC3

3.0.0

3.0.1

3.1.0

3.2.0

3.3.0

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.5.0

3.6.0

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.8.0

3.9.0

3.10.0

3.11.0

3.11.1

3.11.2

3.11.3

3.11.4

3.11.5

3.11.6

3.11.7

3.12.0

3.13.0

3.14.0

3.14.1

3.14.2

3.14.3

3.14.4

3.14.5

Maven / org.apache.camel:camel-ldap

Package

Name: org.apache.camel:camel-ldap; View open source insights on deps.dev
Purl: pkg:maven/org.apache.camel/camel-ldap

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.15.0

Fixed

3.18.4

Affected versions

3.*

3.15.0

3.16.0

3.17.0

3.18.0

3.18.1

3.18.2

3.18.3