Search for packages
| purl | pkg:maven/org.apache.karaf/karaf@4.1.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3wdq-qupf-ducr
Aliases: CVE-2022-22932 GHSA-544x-2jx9-4pfg |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Apache Karaf `obr:*` commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as `obr:*` commands are not very used and the entry is set by user. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-58qf-ca2v-qkc7
Aliases: CVE-2022-40145 GHSA-c2p4-8mvv-rwmv |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-gkcn-5pj5-2ugn
Aliases: CVE-2019-0226 GHSA-fjw4-39pg-vf4f |
Path Traversal Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. |
Affected by 2 other vulnerabilities. |
|
VCID-gq9d-gg4k-ebhd
Aliases: CVE-2018-11786 GHSA-9448-c9wq-jg9v |
Affected by 4 other vulnerabilities. |
|
|
VCID-vs7q-k273-4bcb
Aliases: CVE-2019-0191 GHSA-869j-5855-hjpm |
Path Traversal Apache Karaf kar deployer reads `.kar` archives and extracts the paths from the `repository/` and `resources/` entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it does not do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with `..` directory names and break out of the directories to write arbitrary content to the filesystem. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-hf1y-5953-bkhc |
CVE-2018-11787
GHSA-cq9c-55r7-455x |