GHSA-338x-hfx8-vx9x

Source
https://github.com/advisories/GHSA-338x-hfx8-vx9x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-338x-hfx8-vx9x/GHSA-338x-hfx8-vx9x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-338x-hfx8-vx9x
Aliases
  • CVE-2024-34365
Published
2024-05-14T18:30:50Z
Modified
2024-11-28T05:30:51.297745Z
Summary
Apache Karaf Cave: Cave SSRF and arbitrary file access
Details

This issue affects all versions of Apache Karaf Cave.

As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Database specific
{
    "nvd_published_at": "2024-05-14T15:38:46Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-918"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:37:05Z"
}
Affected packages

Maven / org.apache.karaf:cave

Package

Name
org.apache.karaf:cave
Purl
pkg:maven/org.apache.karaf/cave

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
4.1.2

Affected versions

2.*

2.3.0

3.*

3.0.0

4.*

4.0.0
4.1.0
4.1.1
4.1.2