-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2022-45046: LDAP Injection in camel-ldap (Retracted)

Severity: MEDIUM

Vendor: The Apache Software Foundation

Versions Affected: 3.0.0 up to 3.14.6, and 3.15.0 up to 3.18.3, and 3.19.0.

Description: LDAP Injection on camel-ldap component when using the filter option.

Mitigation: Users should upgrade to 3.18.4

The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-18696
refers to the various commits that resovoled the issue, and have more details.

Credit: This issue was discovered by 4ra1n from Chaitin Tech

The camel-spring-ldap component is not affected. Users could use move to the Camel-Spring-Ldap component.

The security vulnerability after further analysis is a false alarm (no security risk) and this CVE is retracted.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmObGwUACgkQ406fOAL/
QQDo6gf6A4nmp8h/Romt1GRR24aPkizqXBEH7iEk8DSF35IePwGfvRsBAV472dP1
U/QrhmOpRgiLSYwXkahlZZn9yU2oeBrcjwiIbPBNmjYOwIhRaYib5yasJagsp1mh
roK1OQZc9ke3KccJtguTc8cwaV7S3YBzw8E6V4XuoPmFA69IdL0YEOjkgfNI9Csw
4YfL/mF8k2xLfqMeuMk0buShxW9bVDW6V3sAF3hG+QTGI1J/11z515vVU0frXB5f
l64+qnaBpG+vpeL/vJamzsRMNaslcj19rgQ5jwHZyD4sgiooHJJZsFUJFdHpV8Pa
3IZ5eFBti+VU0x2BqipaW0w4RAqb4A==
=Ppzl
-----END PGP SIGNATURE-----