Apache Karaf Cave: Cave SSRF and arbitrary file access

Critical severity • GitHub Reviewed • Published May 14, 2024 to the GitHub Advisory Database • Updated May 14, 2024

Package

org.apache.karaf:cave (Maven)

Affected versions

<= 4.1.2

Patched versions

None

Description

This issue affects all versions of Apache Karaf Cave.

Because this project is retired, there are no plans to release a version that fixes this issue. Users are advised to find an alternative or to restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

Published by the National Vulnerability Database May 14, 2024
Published to the GitHub Advisory Database May 14, 2024
Reviewed May 14, 2024
Last updated May 14, 2024

Severity

Critical

EPSS score

0.043% (10th percentile)

CVE ID

CVE-2024-34365

GHSA ID

GHSA-338x-hfx8-vx9x
