org.apache.karaf:apache-karaf (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.karaf:apache-karaf, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2022-40145 — CVSS 9.8 (critical): This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The…
CVE-2018-11786 — CVSS 8.8 (high): In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any…
CVE-2018-11787 — CVSS 8.1 (high): In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at…
CVE-2019-0191 — CVSS 6.5 (medium): Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It…
CVE-2016-8750 — CVSS 6.5 (medium): Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames…
CVE-2014-0219 — CVSS 5.5 (medium): Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service…
CVE-2022-22932 — CVSS 5.3 (medium): Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected…