Camel
  1. Camel
  2. CAMEL-6748

CVE-2013-4330: Skipping Header Evaluation

    Details

    • Estimated Complexity:
      Unknown

      Description

      The current file producer code will evaluate CamelFileName headers as simple expressions if they start with "$simple". There are other ways to achieve this same thing and this functionality is unnecessary.

        Activity

        Hide
        Claus Ibsen added a comment -

        Thanks for the patch.

        I improved the patch to check that the FILE_NAME was already an Expression and use it as is.

        Show
        Claus Ibsen added a comment - Thanks for the patch. I improved the patch to check that the FILE_NAME was already an Expression and use it as is.
        Hide
        James Carman added a comment -

        This patch implements the improvement and includes a WARN-level message to warn the user about the regression, pointing to this issue.

        Show
        James Carman added a comment - This patch implements the improvement and includes a WARN-level message to warn the user about the regression, pointing to this issue.

          People

          • Assignee:
            Claus Ibsen
            Reporter:
            James Carman
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development