CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access

May 14, 2024 (updated February 13, 2025)

This issue affects all versions of Apache Karaf Cave.

As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

github.com/advisories/GHSA-338x-hfx8-vx9x
github.com/apache/karaf-cave
karaf.apache.org/security/cve-2024-34365.txt
nvd.nist.gov/vuln/detail/CVE-2024-34365

Code Behaviors & Features

Detect and mitigate CVE-2024-34365 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →