Apache Karaf vulnerable to relative path traversal

🗓️ 24 May 2022 16:24:45Reported by GitHub Advisory DatabaseType

Apache Karaf Config service allows relative path traversal, impacting versions before 4.2.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Veracode	Directory Traversal	7 May 201905:34	–	veracode
OSV	CVE-2019-0226	9 May 201914:29	–	osv
OSV	GHSA-FJW4-39PG-VF4F Apache Karaf vulnerable to relative path traversal	24 May 202216:45	–	osv
Cvelist	CVE-2019-0226	9 May 201913:31	–	cvelist
CVE	CVE-2019-0226	9 May 201914:29	–	cve
Prion	Design/Logic Flaw	9 May 201914:29	–	prion
NVD	CVE-2019-0226	9 May 201914:29	–	nvd

Vulners

Node

org.apache.karaf.config org.apache.karaf.config.coreRange<4.2.5

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-0226
lists	www.lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790@%3Cdev.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r218c7e017af0a860ae21bf7ab77520fd2070c8f52db680eeec03a266@%3Ccommits.karaf.apache.org%3E
github	www.github.com/apache/karaf/pull/805
issues	www.issues.apache.org/jira/browse/KARAF-6230
github	www.github.com/advisories/GHSA-fjw4-39pg-vf4f

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 May 2022 16:45Current

4.4Medium risk

Vulners AI Score4.4

CVSS25.5

CVSS34.9

EPSS0.017

CWE-22