VulnerableCode Package Details - pkg:maven/org.apache.karaf/apache-karaf@2.3.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.karaf/apache-karaf@2.3.2

Essentials
History (6)

purl	pkg:maven/org.apache.karaf/apache-karaf@2.3.2

Next non-vulnerable version	4.3.8
Latest non-vulnerable version	4.4.2
Risk	4.2

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-999e-zmqs-u7fw Aliases: CVE-2014-0219 GHSA-m6g3-xq5q-4hg9	Improper Input Validation Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.	4.0.10 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9r9v-r4ee-h7c7 Aliases: CVE-2022-40145 GHSA-c2p4-8mvv-rwmv	karaf: JDBC JAAS LDAP injection	4.3.8 Affected by 0 other vulnerabilities. 4.4.2 Affected by 0 other vulnerabilities.
VCID-bn32-dwf4-x7ch Aliases: CVE-2018-11787 GHSA-cq9c-55r7-455x	Improper Authentication When Pax Web Extender Whiteboard is installed, the Karaf console becomes available at another (insecure) URL giving access to the Karaf console to unauthenticated users.	3.0.9 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.9 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-czhh-a73d-13hp Aliases: CVE-2016-8750 GHSA-chj8-5xgw-wcvj	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.	4.0.8 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-srxe-9dxr-qkc4 Aliases: CVE-2018-11786 GHSA-9448-c9wq-jg9v	Improper Privilege Management In Apache Karaf, if the sshd service in Karaf is left on, an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access.	4.2.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-teun-jmsg-67hz Aliases: CVE-2019-0191 GHSA-869j-5855-hjpm	Path Traversal Apache Karaf kar deployer reads `.kar` archives and extracts the paths from the `repository/` and `resources/` entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it does not do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with `..` directory names and break out of the directories to write arbitrary content to the filesystem.	4.2.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:20:01.653679+00:00	GitLab Importer	Affected by	VCID-9r9v-r4ee-h7c7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.karaf/apache-karaf/CVE-2022-40145.yml	38.6.0
2026-06-06T02:00:44.142196+00:00	GitLab Importer	Affected by	VCID-999e-zmqs-u7fw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.karaf/apache-karaf/CVE-2014-0219.yml	38.6.0
2026-06-04T20:20:08.712745+00:00	GitLab Importer	Affected by	VCID-teun-jmsg-67hz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.karaf/apache-karaf/CVE-2019-0191.yml	38.6.0
2026-06-04T20:18:04.281782+00:00	GitLab Importer	Affected by	VCID-bn32-dwf4-x7ch	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.karaf/apache-karaf/CVE-2018-11787.yml	38.6.0
2026-06-04T20:18:03.727186+00:00	GitLab Importer	Affected by	VCID-czhh-a73d-13hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.karaf/apache-karaf/CVE-2016-8750.yml	38.6.0
2026-06-04T20:17:44.009697+00:00	GitLab Importer	Affected by	VCID-srxe-9dxr-qkc4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.karaf/apache-karaf/CVE-2018-11786.yml	38.6.0