CVE-2013-4330 – org.apache.camel:camel-core

Package

Manager: maven
Name: org.apache.camel:camel-core
Vulnerable Version: >=0 <2.9.7 || >=2.10.0 <2.10.7 || >=2.11.0 <2.11.2 || =2.12.0 || >=2.12.0 <2.12.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.26192 pctl0.96104

Details

Improper Control of Generation of Code in Apache Camel Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

Metadata

Created: 2022-05-13T01:26:34Z
Modified: 2023-12-19T21:58:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x9fv-c87w-55wc/GHSA-x9fv-c87w-55wc.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-x9fv-c87w-55wc
Finding: F422
Auto approve: 1