N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-4330

CVE-2013-4330: Improper Control of Generation of Code in Apache Camel

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2013-4330

CVE-2013-4330:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.camel:camel-core	maven	< 2.9.7	2.9.7
org.apache.camel:camel-core	maven	>= 2.10.0, < 2.10.7	2.10.7
org.apache.camel:camel-core	maven	>= 2.11.0, < 2.11.2	2.11.2
org.apache.camel:camel-core	maven	= 2.12.0	2.12.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how the createFileName function handled the CamelFileName header. The original implementation parsed and evaluated Simple Language expressions directly from the header value without proper validation. The GitHub patch commits (e.g., 2281b1f) show modifications to this function to disable direct evaluation of String-based $simple{} expressions in headers, replacing it with type-safe Expression object handling. The CVE description explicitly references header manipulation via $simple{} as the attack vector, and the patched code adds warnings about this deprecated behavior, confirming the function's role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2013-4330: Improper Control of Generation of Code in Apache Camel

CVE-2013-4330:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2013-4330: Improper Control of Generation of Code in Apache Camel

Technical Details

Basic Information

Basic Information

N/A

N/A

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI