Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.karaf.config/org.apache.karaf.config.core@3.0.1

Type maven

Namespace org.apache.karaf.config

Name org.apache.karaf.config.core

Version 3.0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.2.5

Latest_non_vulnerable_version 4.2.5

Affected_by_vulnerabilities

url VCID-zqkq-86fw-nfah

vulnerability_id VCID-zqkq-86fw-nfah

summary

Path Traversal
Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0226

reference_id

reference_type

scores

value	0.01615
scoring_system	epss
scoring_elements	0.8215
published_at	2026-06-05T12:55:00Z

value	0.01615
scoring_system	epss
scoring_elements	0.82161
published_at	2026-06-09T12:55:00Z

value	0.01615
scoring_system	epss
scoring_elements	0.82146
published_at	2026-06-08T12:55:00Z

value	0.01615
scoring_system	epss
scoring_elements	0.82151
published_at	2026-06-06T12:55:00Z

value	0.01615
scoring_system	epss
scoring_elements	0.82121
published_at	2026-06-04T12:55:00Z

value	0.01615
scoring_system	epss
scoring_elements	0.82153
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0226

reference_url

https://github.com/apache/karaf

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/karaf

reference_url

https://github.com/apache/karaf/pull/805

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/karaf/pull/805

reference_url

https://issues.apache.org/jira/browse/KARAF-6230

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/KARAF-6230

reference_url

https://lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790@%3Cdev.karaf.apache.org%3E

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790@%3Cdev.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r218c7e017af0a860ae21bf7ab77520fd2070c8f52db680eeec03a266@%3Ccommits.karaf.apache.org%3E

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r218c7e017af0a860ae21bf7ab77520fd2070c8f52db680eeec03a266@%3Ccommits.karaf.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0226

reference_id

CVE-2019-0226

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0226

reference_url

https://github.com/advisories/GHSA-fjw4-39pg-vf4f

reference_id

GHSA-fjw4-39pg-vf4f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fjw4-39pg-vf4f

fixed_packages

url	pkg:maven/org.apache.karaf.config/org.apache.karaf.config.core@4.2.5
purl	pkg:maven/org.apache.karaf.config/org.apache.karaf.config.core@4.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.karaf.config/org.apache.karaf.config.core@4.2.5

aliases CVE-2019-0226, GHSA-fjw4-39pg-vf4f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqkq-86fw-nfah

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.karaf.config/org.apache.karaf.config.core@3.0.1

Package Instance