CVE-2013-4330: Code Injection in Apache Camel

CWE-94: Code Injection | 8 documents | 7 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 22.6% (top 4.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 4
Latest update: May 13

Description

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: apache/camel 2.9.6 (+47)

🔴 Vulnerability Details (4)

GHSA: Improper Control of Generation of Code in Apache Camel (2022-05-13)
OSV: Improper Control of Generation of Code in Apache Camel (2022-05-13)
OSV: perl vulnerabilities (2016-03-02)
CVEList: CVE-2013-4330: Apache Camel before 2 (2013-10-04)

📋 Vendor Advisories (2)

Red Hat: Camel: remote code execution via header field manipulation (2013-09-30)
Apache: Apache camel: CVE-2013-4330

💬 Community (1)

Bugzilla: CVE-2013-4330 Camel: remote code execution via header field manipulation (2013-09-25)