-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access 

Severity: important

Affected versions:

- - Apache Karaf Cave, all versions

Description:

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave.

As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Credit:

cigar (finder)

References:

https://karaf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-34365
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEKl6NhJXdZT91PEx+BhEHsPdKbaoFAmY4ztMACgkQBhEHsPdK
bar7rwf8C6Zsbg/O5M01KmfUo00qtKrI1pxeUPYAmEwhAocLxxvPEUYtpQnv2BlS
n3b/a6SA8eMo5PtT4dMPFQhsBsCz5ZipHKyWHEQNzM9OGCZBI2p8Lkvng5Z90tcY
6/76OuTLichYakwuaHX6OOiBTQJm9zNIKcxzT+QpBAO8N4r8olF8EiJORKJkLgrf
7ykiYDH45ACW0tI+5AbS9XkxRpgyO1GtDtQnGFetDmp/FgaAKUEboZ9Xf1Dx/PGc
F3QQQV0e/JEo3OMPJV3FZIAV3VqzbanjNIoDKjrfBpxI8OjkPGSmaKlipfrOM33w
UFNTlJuC8REmW+0wHYWQZp0IEPmQRQ==
=D7zv
-----END PGP SIGNATURE-----