VDB
CNVD-2024-39157
CNVD-2024-39157
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Apache Camel是美国阿帕奇(Apache)基金会的一套开源的基于Enterprise Integration Pattern(企业整合模式,简称EIP)的集成框架。该框架提供企业集成模式的Java对象(POJO)的实现,且通过应用程序接口来配置路由和中介的规则。 Apache Camel存在反序列化漏洞,该漏洞源于应用程序在接收用户提交的序列化数据的不安全反序列化处理,攻击者可利用该漏洞导致代码执行。
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Camel | 4.1.0, 3.0.0, 3.22.0 |
| apache | camel | 3.0.0, 3.22.0, 4.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-23114 (circl-sighting)
- CIRCL seen: CVE-2024-23114 (circl-sighting)
- CIRCL seen: CVE-2024-23114 (circl-sighting)
- CIRCL seen: CVE-2024-23114 (circl-sighting)
- https://camel.apache.org/security/CVE-2024-23114.html (circl)
Timeline
- Feb 18, 2024 CVE Published
- Feb 20, 2024 PoC Published
- Feb 20, 2024 PoC Published
- Feb 21, 2024 PoC Published
- Mar 8, 2024 PoC Published
References
- https://camel.apache.org/security/CVE-2024-23114.html vendor-advisory