Posted to commits@camel.apache.org by ac...@apache.org on 2022/12/05 08:44:21 UTC

[camel-website] branch CVE-2022-45046 created (now faceec7a)

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a change to branch CVE-2022-45046
in repository https://gitbox.apache.org/repos/asf/camel-website.git


      at faceec7a Added security advisory for CVE-2022-45046

This branch includes the following new commits:

     new faceec7a Added security advisory for CVE-2022-45046

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[camel-website] 01/01: Added security advisory for CVE-2022-45046

Posted by ac...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch CVE-2022-45046
in repository https://gitbox.apache.org/repos/asf/camel-website.git

commit faceec7ab715508ab58aa9b82ca4f35f9a8bb392
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Mon Dec 5 09:43:48 2022 +0100

    Added security advisory for CVE-2022-45046
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 content/security/CVE-2022-45046.md      | 18 ++++++++++++++++++
 content/security/CVE-2022-45046.txt.asc | 31 +++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/content/security/CVE-2022-45046.md b/content/security/CVE-2022-45046.md
new file mode 100644
index 00000000..5bd2c80d
--- /dev/null
+++ b/content/security/CVE-2022-45046.md
@@ -0,0 +1,18 @@
+---
+title: "Apache Camel Security Advisory - CVE-2022-45046"
+date: 2022-12-05T08:47:42+02:00
+url: /security/CVE-2022-45046.html
+draft: false
+type: security-advisory
+cve: CVE-2022-45046
+severity: MEDIUM
+summary: "LDAP Injection in camel-ldap"
+description: "LDAP Injection on camel-ldap component when using the filter option."
+mitigation: "Users should upgrade to 3.14.6 or 3.18.4"
+credit: "This issue was discovered by 4ra1n from Chaitin Tech"
+affected: 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.
+fixed: 3.14.6, 3.18.4
+---
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-186906 refers to the various commits that resovoled the issue, and have more details.
+
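Review bot: The JIRA link in the body line of CVE-2022-45046.md points to CAMEL-186906, while the signed CVE-2022-45046.txt.asc added in this same commit references CAMEL-18696. Both files should name the same ticket, so confirm the id and correct the link in the .md before publishing. The same line also misspells "resolved" as "resovoled", and "have more details" should read "has more details" since the subject is the ticket.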
diff --git a/content/security/CVE-2022-45046.txt.asc b/content/security/CVE-2022-45046.txt.asc
new file mode 100644
index 00000000..4056c648
--- /dev/null
+++ b/content/security/CVE-2022-45046.txt.asc
@@ -0,0 +1,31 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2022-45046: LDAP Injection in camel-ldap
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.
+
+Description: LDAP Injection on camel-ldap component when using the filter option.
+
+Mitigation: Users should upgrade to 3.14.6 or 3.18.4
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-18696
+refers to the various commits that resovoled the issue, and have more details.
+
+Credit: This issue was discovered by 4ra1n from Chaitin Tech
+
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmONrwwACgkQ406fOAL/
+QQC+bQgApkYXOuZO1wXe74gp53QcVIgiHPRDre99t4iYFnn0Y0XJtvhcrrKoOE6w
+T9alaZGFziglaYCrbuRTLkYN6wITW5Vi/jOausHHxVCEi9a4R6+ZvWdnX6zzQx7n
+1E76kX2HVbleHtzlsaLszJ9UEk723lOmqGa26sTsziRagKISzTDfxKaWvjxfglng
+apDRPp0ZAYrqtaLdRiVHhcYNmt/ZKjdACeThitTtXQquKxIo+A4NP9vt/sLLdDkJ
+0q/eeu0JXzvIephYzixxuYkZSZL2BvphcPZz/45SSN86yPfJhPOvadTN+tEhDoqB
+1koH5WvO/Y2lZ73Qaq4asi75bq1rdw==
+=b/A+
+-----END PGP SIGNATURE-----
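Review bot: The "Versions Affected" line of the signed text lists 3.19.0, but the "Mitigation" line names only 3.14.6 or 3.18.4, so a reader on 3.19.0 is given no upgrade target. Name the release that carries the fix for that line, or say explicitly which listed version those users should move to. The body also contains the typo "resovoled". Because this is a clear-signed message, any correction to the text invalidates the signature below it, so the wording should be fixed and the file re-signed before the branch is merged.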