You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by ac...@apache.org on 2022/12/06 08:30:46 UTC

[camel-website] branch CVE-2022-45046-fix created (now e52b0546)

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a change to branch CVE-2022-45046-fix
in repository https://gitbox.apache.org/repos/asf/camel-website.git


      at e52b0546 CVE-2022-45046 mitigation fixed

This branch includes the following new commits:

     new e52b0546 CVE-2022-45046 mitigation fixed

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[camel-website] 01/01: CVE-2022-45046 mitigation fixed

Posted by ac...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch CVE-2022-45046-fix
in repository https://gitbox.apache.org/repos/asf/camel-website.git

commit e52b054668d013a0b5c698fc62fab7265c5b8250
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue Dec 6 09:30:07 2022 +0100

    CVE-2022-45046 mitigation fixed
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 content/security/CVE-2022-45046.txt.asc | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/content/security/CVE-2022-45046.txt.asc b/content/security/CVE-2022-45046.txt.asc
index 35f353fb..562c272e 100644
--- a/content/security/CVE-2022-45046.txt.asc
+++ b/content/security/CVE-2022-45046.txt.asc
@@ -7,11 +7,11 @@ Severity: MEDIUM
 
 Vendor: The Apache Software Foundation
 
-Versions Affected: 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.
+Versions Affected: 3.0.0 up to 3.14.6, and 3.15.0 up to 3.18.3, and 3.19.0.
 
 Description: LDAP Injection on camel-ldap component when using the filter option.
 
-Mitigation: Users should upgrade to 3.14.6 or 3.18.4
+Mitigation: Users should upgrade to 3.18.4
 
 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-18696
 refers to the various commits that resovoled the issue, and have more details.
@@ -19,15 +19,14 @@ refers to the various commits that resovoled the issue, and have more details.
 Credit: This issue was discovered by 4ra1n from Chaitin Tech
 
 The camel-spring-ldap component is not affected. Users could use move to the Camel-Spring-Ldap component.
-
 -----BEGIN PGP SIGNATURE-----
 
-iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmONs1UACgkQ406fOAL/
-QQDa3Qf+L65JsqBgwgzyg1mTY/Hj9Bxiqp2IrkehSWtarr62K0IgbUycsQQeaxO3
-0/BBpGd4nG1Appovl79ap2Bni4Pv1jFI1ANqXmpCqVQnHEo9jZ9uPtQeDzrpGgFg
-r3ztolOL58rxpUlU5ntt0U7mLKexpYfFuO3NLzbIN+4nOLBn4cx963DwDTOxg2xy
-jM7EjqEv76OvB+W5OSBAvEIFhJ771WxCF2Q+iViMfI9JzpCyRB+t5jWnm3dOgfLA
-cj4a0B56snt9B7SGu95FM4/guUsOhLkmY0C9fPEoMtiMkUEEXJgNN/lyMH6reWHz
-rIWIyHZ30yKXcPL2wug3XpbWuyZKrQ==
-=eSqt
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmOO/TUACgkQ406fOAL/
+QQCI9Qf/UOzWWKhXNc+KPR4GyiQ3aKbXgA0TiEFiAYWfsH/bGrw7Urmze99ad1Id
+gcp6Ejfe+vjNFw3TR4wdwvvyH+PKUx5CvZOKCy4GfB4n+1MPxItqecOoz98erbhD
+SyuLCRo9r2AV86FUQJVYykTQLWEKc6SJJEQcPGNWRzx/VkNDtf81Pkdwwl8HNFmI
+xL6E1yfYEzfBvkiyqODCcyosWD9/KdqdJeE/pXsQrsnRF015f4aoQVm33yqw8zjT
+ochip7dTRdkXjwRVFa3kyyigL8tTTJOO0/VAIT0uEwsoIU8QYe0FLhZzHQbOGlyS
+zC8yC9QREaSBIG3ALpyuSp6YDIZNLg==
+=imPt
 -----END PGP SIGNATURE-----