CVE-2024-22371

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.

Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.

Published: Feb 26, 2024
Updated: Apr 30, 2025
CVE: CVE-2024-22371
GHSA: GHSA-qpxm-689r-3849
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
org.apache.camel / camel-core	3.22.0	3.22.0.x
org.apache.camel / camel-core	3.22.0	3.22.1
org.apache.camel / camel-core	4.0.0	4.0.4
org.apache.camel / camel-core	4.1.0	4.4.0
org.apache.camel / camel-core	3.0.0	3.21.4
apache / camel	3.0.0	3.21.4
apache / camel	4.1.0	4.4.0
apache / camel	3.22.0	3.22.0.x
apache / camel	4.0.0	4.0.4

https://camel.apache.org/security/CVE-2024-22371.html
https://issues.apache.org/jira/browse/CAMEL-20305

Vulnerability Database

289,697

CVE-2024-22371