4 matches found
org.apache.karaf.config:org.apache.karaf.config.command (>=3.0.0 <=3.0.10), org.apache.karaf.features:standard (>=4.0.0 <=4.2.16) +3 more potentially affected by CVE-2019-0226 via org.apache.karaf.config:org.apache.karaf.config.core (>=3.0.0 <=4.2.4)
org.apache.karaf.config:org.apache.karaf.config.core MAVEN version =3.0.0, =3.0.0, =4.0.0, =13.0, =13.12 Source cves: CVE-2019-0226 Source advisory: OSV:GHSA-FJW4-39PG-VF4F...
CVE-2019-0226
Apache Karaf Config service provides a install method via service or MBean that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Use...
CVE-2019-0226
CVE-2019-0226 affects Apache Karaf Config service. A relative path traversal via the install method (via service or MBean) could be used to traverse directories and overwrite files. Any Karaf version before 4.2.5 is affected; impact depends on the filesystem permissions of the Karaf process user....
CVE-2019-0226
Apache Karaf Config service provides a install method via service or MBean that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Use...