Apache Karaf Cave: Cave SSRF and arbitrary file access

2024-05-1418:30:50

Google

osv.dev

apache karaf cave

ssrf

file access

vulnerability

retired project

unsupported

alternative solution

trusted users

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

This issue affects all versions of Apache Karaf Cave.

As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CPENameOperatorVersion
org.apache.karaf:caveeq4.0.0
org.apache.karaf:caveeq4.1.2
org.apache.karaf:caveeq2.3.0
org.apache.karaf:caveeq4.1.0
org.apache.karaf:caveeq3.0.0
org.apache.karaf:caveeq4.1.1

Name	Operator	Version
org.apache.karaf:cave	eq	4.0.0
org.apache.karaf:cave	eq	4.1.2
org.apache.karaf:cave	eq	2.3.0
org.apache.karaf:cave	eq	4.1.0
org.apache.karaf:cave	eq	3.0.0
org.apache.karaf:cave	eq	4.1.1