Moderate severityNVD Advisory· Published Oct 4, 2013· Updated Jun 16, 2026
CVE-2013-4330
CVE-2013-4330
Description
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.camel:camel-coreMaven | < 2.9.7 | 2.9.7 |
org.apache.camel:camel-coreMaven | >= 2.10.0, < 2.10.7 | 2.10.7 |
org.apache.camel:camel-coreMaven | >= 2.11.0, < 2.11.2 | 2.11.2 |
org.apache.camel:camel-coreMaven | >= 2.12.0, < 2.12.1 | 2.12.1 |
Affected products
52cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*+ 50 more
- cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*range: <=2.9.6
- cpe:2.3:a:apache:camel:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.0.0:milestone1:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.0.0:milestone2:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.0.0:milestone3:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.9.5:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
24- camel.apache.org/security-advisories.data/CVE-2013-4330.txt.ascnvdVendor AdvisoryWEB
- secunia.com/advisories/54888nvdVendor Advisory
- github.com/advisories/GHSA-x9fv-c87w-55wcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4330ghsaADVISORY
- packetstormsecurity.com/files/123454ghsaWEB
- rhn.redhat.com/errata/RHSA-2013-1862.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2014-0124.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2014-0140.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2014-0245.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2014-0254.htmlnvdWEB
- seclists.org/fulldisclosure/2013/Sep/178nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/87542nvdWEB
- github.com/apache/camel/commit/2281b1f365c50ee1a470fb9990b753eadee9095ghsaWEB
- github.com/apache/camel/commit/27a9752a565fbef436bac4fcf22d339e3295b2aghsaWEB
- github.com/apache/camel/commit/3215fe50dd42c83a7a454dd36486843fe36eae4ghsaWEB
- github.com/apache/camel/commit/5ba8f63f78f82b0cddf6cecbf59ac444a0cae2a6ghsaWEB
- github.com/apache/camel/commit/ce19353f1297c5d3dc59be21a1ead89c0a44907ghsaWEB
- issues.apache.org/jira/browse/CAMEL-6748ghsaWEB
- lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3EnvdWEB
- lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3EnvdWEB
- lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3EghsaWEB
- osvdb.org/97941nvd
- packetstormsecurity.com/files/123454/nvd
News mentions
0No linked articles in our index yet.