Hi,
A few weeks ago, I posted to this list about my thought on the camel-websocket
http://camel.465427.n5.nabble.com/thoughts-on-the-camel-websocket-component-td5739005.html#a5739013
I did some prototyping and I wanted to share this with you to get some
feedback. But I will be on vacation and not
Ok, done.
Best,
Christian
-
Software Integration Specialist
Apache Camel committer: https://camel.apache.org/team
V.P. Apache Camel: https://www.apache.org/foundation/
Apache Member: https://www.apache.org/foundation/members.html
https://www.linkedin.com/pub/christian-mueller/11
Yeah or maybe just.
Writing files using FILE or FTP components, can potentially be
exploited by a malicious user.
On Mon, Sep 30, 2013 at 12:51 PM, Christian Müller wrote:
> It's a bit long...
>
> What's with:
> CVE-2013-4330 - The FILE and FTP producer interprets the header
> 'CamelFileName' a
It's a bit long...
What's with:
CVE-2013-4330 - The FILE and FTP producer interprets the header
'CamelFileName' as simple language expression if it matches '$simple{...}'.
Best,
Christian
I would suggest to update the title on the page
http://camel.apache.org/security-advisories.html
From:
CVE-2013-4330 - Apache Camel critical disclosure vulnerability
To:
CVE-2013-4330 - When sending an Exchange with the in Message Header
'CamelFileName' with a value of '$simple{...}' to a FILE or
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2013-4330: Apache Camel critical disclosure vulnerability
Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Camel 2.9.0 to 2.9.7, Camel 2.10.0 to 2.10.6, Camel
2.11.0 to 2.11.1, Camel 2.12.0
The unsupported Camel 2.3.x