Lucene search
GoogleOSV:GHSA-FJW4-39PG-VF4FHistoryMay 24, 2022 - 4:45 p.m.
Apache Karaf vulnerable to relative path traversal
2022-05-2416:45:24
Google
osv.dev
8
0.001 Low
EPSS
Percentile
37.5%
Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.
References
github.com/apache/karaf
github.com/apache/karaf/pull/805
issues.apache.org/jira/browse/KARAF-6230
lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790@%3Cdev.karaf.apache.org%3E
lists.apache.org/thread.html/r218c7e017af0a860ae21bf7ab77520fd2070c8f52db680eeec03a266@%3Ccommits.karaf.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2019-0226
Related
cvelist
cvelist
CVE-2019-0226
2019-05-09 13:31:47
github
github
Apache Karaf vulnerable to relative path traversal
2022-05-24 16:45:24
nvd
nvd
CVE-2019-0226
2019-05-09 14:29:00
prion
prion
Design/Logic Flaw
2019-05-09 14:29:00
veracode
veracode
Directory Traversal
2019-05-07 05:34:22
osv
osv
CVE-2019-0226
2019-05-09 14:29:00
cve
cve
CVE-2019-0226
2019-05-09 14:29:00