title: "Apache Camel Security Advisory - CVE-2022-45046 (Retracted)"
date: 2022-12-05T08:47:42+02:00
url: /security/CVE-2022-45046.html
draft: false
type: security-advisory
cve: CVE-2022-45046
severity: MEDIUM
summary: "LDAP Injection in camel-ldap"
description: "LDAP Injection on camel-ldap component when using the filter option."
mitigation: "Users should upgrade to 3.14.6 or 3.18.4"
credit: "This issue was discovered by 4ra1n from Chaitin Tech"
affected: 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.
fixed: 3.14.6, 3.18.4

The JIRA ticket https://issues.apache.org/jira/browse/CAMEL-186906 refers to the various commits that resolved the issue and has more details. The camel-spring-ldap component is not affected. Users could move to the camel-spring-ldap component.

After further analysis, the reported security vulnerability is a false alarm (no security risk), and this CVE is retracted.