{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T19:42:58.820","vulnerabilities":[{"cve":{"id":"CVE-2024-22371","sourceIdentifier":"security@apache.org","published":"2024-02-26T16:27:56.557","lastModified":"2025-04-25T18:56:25.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n"},{"lang":"es","value":"Exposición de datos confidenciales mediante la creación de un EventFactory malicioso y proporcionando un ExchangeCreatedEvent personalizado que expone datos confidenciales. Vulnerabilidad en Apache Camel. Este problema afecta a Apache Camel: desde 3.21.X hasta 3.21.3, desde 3.22.X hasta 3.22.0, desde 4.0.X hasta 4.0.3, desde 4.X hasta 4.3.0. Se recomienda a los usuarios actualizar a la versión 3.21.4, 3.22.1, 4.0.4 o 4.4.0, que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-922"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.21.4","matchCriteriaId":"538BED08-EC3A-4994-AD1C-2E55AF256D72"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:-:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.4","matchCriteriaId":"0D74033D-CA38-4898-AAF5-9A326272C684"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.4.0","matchCriteriaId":"27A2B9B3-E722-442D-81B4-F2DE97C328FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:3.22.0:*:*:*:*:*:*:*","matchCriteriaId":"FA31037D-507A-42D5-97BE-E57A85C9FF4F"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2024-22371.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://camel.apache.org/security/CVE-2024-22371.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}