-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access Severity: important Affected versions: - - Apache Karaf Cave, all versions Description: ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Credit: cigar (finder) References: https://karaf.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-34365 -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEKl6NhJXdZT91PEx+BhEHsPdKbaoFAmY4ztMACgkQBhEHsPdK bar7rwf8C6Zsbg/O5M01KmfUo00qtKrI1pxeUPYAmEwhAocLxxvPEUYtpQnv2BlS n3b/a6SA8eMo5PtT4dMPFQhsBsCz5ZipHKyWHEQNzM9OGCZBI2p8Lkvng5Z90tcY 6/76OuTLichYakwuaHX6OOiBTQJm9zNIKcxzT+QpBAO8N4r8olF8EiJORKJkLgrf 7ykiYDH45ACW0tI+5AbS9XkxRpgyO1GtDtQnGFetDmp/FgaAKUEboZ9Xf1Dx/PGc F3QQQV0e/JEo3OMPJV3FZIAV3VqzbanjNIoDKjrfBpxI8OjkPGSmaKlipfrOM33w UFNTlJuC8REmW+0wHYWQZp0IEPmQRQ== =D7zv -----END PGP SIGNATURE-----