You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ac...@apache.org on 2022/12/05 10:57:04 UTC

[camel-website] 01/02: Added security advisory for CVE-2022-45046

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git

commit 43fe0960a9d579d2ec53d99cc767666c7668b5ff
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Mon Dec 5 09:43:48 2022 +0100

    Added security advisory for CVE-2022-45046
    
    Signed-off-by: Andrea Cosentino <an...@gmail.com>
---
 content/security/CVE-2022-45046.md      | 18 ++++++++++++++++++
 content/security/CVE-2022-45046.txt.asc | 31 +++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/content/security/CVE-2022-45046.md b/content/security/CVE-2022-45046.md
new file mode 100644
index 00000000..5bd2c80d
--- /dev/null
+++ b/content/security/CVE-2022-45046.md
@@ -0,0 +1,18 @@
+---
+title: "Apache Camel Security Advisory - CVE-2022-45046"
+date: 2022-12-05T08:47:42+02:00
+url: /security/CVE-2022-45046.html
+draft: false
+type: security-advisory
+cve: CVE-2022-45046
+severity: MEDIUM
+summary: "LDAP Injection in camel-ldap"
+description: "LDAP Injection on camel-ldap component when using the filter option."
+mitigation: "Users should upgrade to 3.14.6 or 3.18.4"
+credit: "This issue was discovered by 4ra1n from Chaitin Tech"
+affected: 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.
+fixed: 3.14.6, 3.18.4
+---
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-186906 refers to the various commits that resovoled the issue, and have more details.
+
diff --git a/content/security/CVE-2022-45046.txt.asc b/content/security/CVE-2022-45046.txt.asc
new file mode 100644
index 00000000..4056c648
--- /dev/null
+++ b/content/security/CVE-2022-45046.txt.asc
@@ -0,0 +1,31 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2022-45046: LDAP Injection in camel-ldap
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.
+
+Description: LDAP Injection on camel-ldap component when using the filter option.
+
+Mitigation: Users should upgrade to 3.14.6 or 3.18.4
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-18696
+refers to the various commits that resovoled the issue, and have more details.
+
+Credit: This issue was discovered by 4ra1n from Chaitin Tech
+
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmONrwwACgkQ406fOAL/
+QQC+bQgApkYXOuZO1wXe74gp53QcVIgiHPRDre99t4iYFnn0Y0XJtvhcrrKoOE6w
+T9alaZGFziglaYCrbuRTLkYN6wITW5Vi/jOausHHxVCEi9a4R6+ZvWdnX6zzQx7n
+1E76kX2HVbleHtzlsaLszJ9UEk723lOmqGa26sTsziRagKISzTDfxKaWvjxfglng
+apDRPp0ZAYrqtaLdRiVHhcYNmt/ZKjdACeThitTtXQquKxIo+A4NP9vt/sLLdDkJ
+0q/eeu0JXzvIephYzixxuYkZSZL2BvphcPZz/45SSN86yPfJhPOvadTN+tEhDoqB
+1koH5WvO/Y2lZ73Qaq4asi75bq1rdw==
+=b/A+
+-----END PGP SIGNATURE-----