NA

CVE-2013-4330

Published: 04/10/2013 Updated: 18/05/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Camel prior to 2.9.7, 2.10.0 prior to 2.10.7, 2.11.0 prior to 2.11.2, and 2.12.0 allows remote malicious users to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache camel 2.11.1

apache camel 2.10.0

apache camel

apache camel 2.9.5

apache camel 2.8.4

apache camel 2.8.3

apache camel 2.7.2

apache camel 2.7.1

apache camel 2.1.0

apache camel 2.0.0

apache camel 1.6.0

apache camel 1.5.0

apache camel 1.1.0

apache camel 2.10.6

apache camel 2.8.6

apache camel 1.2.0

apache camel 2.2.0

apache camel 1.6.2

apache camel 2.4.0

apache camel 2.11.0

apache camel 2.9.0

apache camel 2.7.5

apache camel 2.3.0

apache camel 2.9.1

apache camel 2.8.0

apache camel 2.10.4

apache camel 2.12.0

apache camel 1.6.1

apache camel 1.6.4

apache camel 2.10.3

apache camel 2.7.4

apache camel 2.10.5

apache camel 1.6.3

apache camel 2.7.3

apache camel 2.5.0

apache camel 2.8.5

apache camel 2.9.4

apache camel 1.4.0

apache camel 1.0.0

apache camel 2.10.1

apache camel 2.9.2

apache camel 2.7.0

apache camel 2.8.1

apache camel 1.3.0

apache camel 2.9.3

apache camel 2.6.0

apache camel 2.10.2

apache camel 2.8.2

Vendor Advisories

Apache Camel before 297, 2100 before 2107, 2110 before 2112, and 2120 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer ...