| -----BEGIN PGP SIGNED MESSAGE----- |
| Hash: SHA256 |
| |
| CVE-2022-45046: LDAP Injection in camel-ldap (Retracted) |
| |
| Severity: MEDIUM |
| |
| Vendor: The Apache Software Foundation |
| |
| Versions Affected: 3.0.0 up to 3.14.6, and 3.15.0 up to 3.18.3, and 3.19.0. |
| |
| Description: LDAP Injection on camel-ldap component when using the filter option. |
| |
| Mitigation: Users should upgrade to 3.18.4 |
| |
| The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-18696 |
| refers to the various commits that resolved the issue, and has more details. |
| |
| Credit: This issue was discovered by 4ra1n from Chaitin Tech |
| |
| The camel-spring-ldap component is not affected. Users could move to the camel-spring-ldap component. |
| |
| After further analysis, the reported security vulnerability is a false alarm (no security risk), and this CVE is retracted. |