CVE-2022-45046.txt.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
CVE-2022-45046: LDAP Injection in camel-ldap (Retracted)
Severity: MEDIUM
Vendor: The Apache Software Foundation
Versions Affected: 3.0.0 up to 3.14.6, and 3.15.0 up to 3.18.3, and 3.19.0.
Description: LDAP Injection on camel-ldap component when using the filter option.
Mitigation: Users should upgrade to 3.18.4
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-18696
refers to the various commits that resolved the issue, and has more details.
Credit: This issue was discovered by 4ra1n from Chaitin Tech
The camel-spring-ldap component is not affected. Users could move to the camel-spring-ldap component.
After further analysis, the security vulnerability is a false alarm (no security risk), and this CVE is retracted.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----