| title | date | url | draft | type | cve | severity | summary | description | mitigation | credit | affected | fixed |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Apache Camel Security Advisory - CVE-2022-45046 (Retracted) |
2022-12-05 08:47:42 +0200 |
/security/CVE-2022-45046.html |
false |
security-advisory |
CVE-2022-45046 |
MEDIUM |
LDAP Injection in camel-ldap |
LDAP Injection on camel-ldap component when using the filter option. |
Users should upgrade to 3.14.6 or 3.18.4 |
This issue was discovered by 4ra1n from Chaitin Tech |
3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0. |
3.14.6, 3.18.4 |
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-186906 refers to the various commits that resovoled the issue, and have more details. The camel-spring-ldap component is not affected. Users could use move to the Camel-Spring-Ldap component.
The security vulnerability after further analysis is a false alarm (no security risk) and this CVE is retracted.