CVE-2013-4330
Improper Control of Generation of Code in Apache Camel
EPSS 18.0%
Description
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
How to fix CVE-2013-4330
To remediate CVE-2013-4330, upgrade the affected package to a fixed version below.
- Maven/org.apache.camel:camel-core—upgrade to 2.9.7 or later
Is CVE-2013-4330 being exploited?
Moderate — EPSS is 18.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.9.7