oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access

From: Arnout Engelen <engelen () apache org>
Date: Thu, 09 May 2024 06:48:37 +0000
Severity: important

Affected versions:

- Apache Karaf Cave or later

Description:

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all 
versions of Apache Karaf Cave.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an 
alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are 
no longer supported by the maintainer.

Credit:

cigar (finder)

References:

https://karaf.apache.org/security/cve-2024-34365.txt
https://karaf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-34365
Previous By Date Next
Previous By Thread Next

Current thread: