Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

Affected Packages

Maven org.apache.camel:camel-sql

Affected versions: 3.0.0 (fixed in 3.21.4)

Maven org.apache.camel:camel-sql

Affected versions: 3.22.0 (fixed in 3.22.1)

Maven org.apache.camel:camel-sql

Affected versions: 4.0.0 (fixed in 4.0.4)

Maven org.apache.camel:camel-sql

Affected versions: 4.1.0 (fixed in 4.4.0)

Related CVEs

CVE-2024-22369

Key Information

GHSA ID

GHSA-36xr-4x2f-cfj9

Published

February 20, 2024 3:31 PM

Last Modified

November 5, 2024 9:33 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.camel:camel-sql

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.