Posted to commits@camel.apache.org by ac...@apache.org on 2022/12/06 08:30:46 UTC
[camel-website] branch CVE-2022-45046-fix created (now e52b0546)
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a change to branch CVE-2022-45046-fix
in repository https://gitbox.apache.org/repos/asf/camel-website.git
at e52b0546 CVE-2022-45046 mitigation fixed
This branch includes the following new commits:
new e52b0546 CVE-2022-45046 mitigation fixed
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[camel-website] 01/01: CVE-2022-45046 mitigation fixed
Posted by ac...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch CVE-2022-45046-fix
in repository https://gitbox.apache.org/repos/asf/camel-website.git
commit e52b054668d013a0b5c698fc62fab7265c5b8250
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Tue Dec 6 09:30:07 2022 +0100
CVE-2022-45046 mitigation fixed
Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
content/security/CVE-2022-45046.txt.asc | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/content/security/CVE-2022-45046.txt.asc b/content/security/CVE-2022-45046.txt.asc
index 35f353fb..562c272e 100644
--- a/content/security/CVE-2022-45046.txt.asc
+++ b/content/security/CVE-2022-45046.txt.asc
@@ -7,11 +7,11 @@ Severity: MEDIUM
Vendor: The Apache Software Foundation
-Versions Affected: 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.
+Versions Affected: 3.0.0 up to 3.14.6, and 3.15.0 up to 3.18.3, and 3.19.0.
Description: LDAP Injection on camel-ldap component when using the filter option.
-Mitigation: Users should upgrade to 3.14.6 or 3.18.4
+Mitigation: Users should upgrade to 3.18.4
The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-18696
refers to the various commits that resovoled the issue, and have more details.
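Review bot: the new Mitigation line names only 3.18.4, while the Versions Affected line in the same hunk now extends the 3.14 range up to 3.14.6 and still lists 3.19.0, so readers on 3.14.x or 3.19.0 have no stated upgrade path. If the intent is that no fixed 3.14.x release exists, say so in the Mitigation text and tell those users to move to 3.18.4, and add a line covering 3.19.0, since "upgrade to 3.18.4" reads as a downgrade for that version. While the advisory is being re-signed anyway, the unchanged line "refers to the various commits that resovoled the issue, and have more details." should be corrected ("resolved", "has"), because any later wording fix will need another signature.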
@@ -19,15 +19,14 @@ refers to the various commits that resovoled the issue, and have more details.
Credit: This issue was discovered by 4ra1n from Chaitin Tech
The camel-spring-ldap component is not affected. Users could use move to the Camel-Spring-Ldap component.
-
-----BEGIN PGP SIGNATURE-----
-iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmONs1UACgkQ406fOAL/
-QQDa3Qf+L65JsqBgwgzyg1mTY/Hj9Bxiqp2IrkehSWtarr62K0IgbUycsQQeaxO3
-0/BBpGd4nG1Appovl79ap2Bni4Pv1jFI1ANqXmpCqVQnHEo9jZ9uPtQeDzrpGgFg
-r3ztolOL58rxpUlU5ntt0U7mLKexpYfFuO3NLzbIN+4nOLBn4cx963DwDTOxg2xy
-jM7EjqEv76OvB+W5OSBAvEIFhJ771WxCF2Q+iViMfI9JzpCyRB+t5jWnm3dOgfLA
-cj4a0B56snt9B7SGu95FM4/guUsOhLkmY0C9fPEoMtiMkUEEXJgNN/lyMH6reWHz
-rIWIyHZ30yKXcPL2wug3XpbWuyZKrQ==
-=eSqt
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmOO/TUACgkQ406fOAL/
+QQCI9Qf/UOzWWKhXNc+KPR4GyiQ3aKbXgA0TiEFiAYWfsH/bGrw7Urmze99ad1Id
+gcp6Ejfe+vjNFw3TR4wdwvvyH+PKUx5CvZOKCy4GfB4n+1MPxItqecOoz98erbhD
+SyuLCRo9r2AV86FUQJVYykTQLWEKc6SJJEQcPGNWRzx/VkNDtf81Pkdwwl8HNFmI
+xL6E1yfYEzfBvkiyqODCcyosWD9/KdqdJeE/pXsQrsnRF015f4aoQVm33yqw8zjT
+ochip7dTRdkXjwRVFa3kyyigL8tTTJOO0/VAIT0uEwsoIU8QYe0FLhZzHQbOGlyS
+zC8yC9QREaSBIG3ALpyuSp6YDIZNLg==
+=imPt
-----END PGP SIGNATURE-----
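Review bot: the replaced signature block cannot be checked from the diff, and this hunk also removes the blank line ahead of "-----BEGIN PGP SIGNATURE-----", so please confirm before merging that gpg --verify succeeds on the committed content/security/CVE-2022-45046.txt.asc and reports the same signing key as the previous revision. The unchanged sentence "Users could use move to the Camel-Spring-Ldap component." is garbled ("could use move to") and sits inside the signed text; fixing it in this commit avoids yet another re-sign, and it would help to state whether moving to camel-spring-ldap is offered as the workaround for users who cannot upgrade to 3.18.4.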