PT-2013-4959 · Apache · Apache Camel

Grégory Draperi · Published 2013-10-04 · Updated 2023-02-13 · CVE-2013-4330

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Camel versions 2.9.0 through 2.9.6
Apache Camel versions 2.10.0 through 2.10.6
Apache Camel versions 2.11.0 through 2.11.1
Apache Camel version 2.12.0

Description

The issue allows remote attackers to execute arbitrary Simple language expressions. This can be achieved by including $simple{} in a CamelFileName message header sent to a FILE or FTP producer.

Recommendations

For Apache Camel versions 2.9.0 through 2.9.6, update to version 2.9.7 or later.
For Apache Camel versions 2.10.0 through 2.10.6, update to version 2.10.7 or later.
For Apache Camel versions 2.11.0 through 2.11.1, update to version 2.11.2 or later.
For Apache Camel version 2.12.0, update to a version later than 2.12.0.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2013-4330
GHSA-X9FV-C87W-55WC
RHSA-2014:0245
RHSA-2014:0254

Affected Products

Apache Camel