Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-m43p-55rf-8c2j

GitHub Security Advisory

Deserialization of Untrusted Data in Apache Camel CassandraQL

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1

Affected Packages

Maven org.apache.camel:camel-cassandraql
Affected versions: 3.0.0 (fixed in 3.21.4)
Maven org.apache.camel:camel-cassandraql
Affected versions: 3.22.0 (fixed in 3.22.1)
Maven org.apache.camel:camel-cassandraql
Affected versions: 4.0.0 (fixed in 4.0.4)
Maven org.apache.camel:camel-cassandraql
Affected versions: 4.1.0 (fixed in 4.4.0)

Related CVEs

CVE-2024-23114

Key Information

GHSA ID
GHSA-m43p-55rf-8c2j
Published
February 20, 2024 3:31 PM
Last Modified
February 22, 2024 8:31 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.apache.camel:camel-cassandraql
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.