commit 640d0e15b387c0221f964f21b672403ce9667490
author JB Onofré <jbonofre@apache.org> Mon May 06 14:55:38 2024 +0200
committer GitHub <noreply@github.com> Mon May 06 14:55:38 2024 +0200
tree 564c2c0f79267b24a1d96fb842562f08abe6dc83
parent 8eae263ce1273e1519822fa4b68ffc440fd26ede
parent 02dbdf46ec1793a2619f110186f1e7d13d2538dd

Merge pull request #72 from raboof/add-cve-2024-34365

Publish CVE-2024-34365

security/cve-2024-34365.txt

diff --git a/security/cve-2024-34365.txt b/security/cve-2024-34365.txt
new file mode 100644
index 0000000..9a8234c
--- /dev/null
+++ b/security/cve-2024-34365.txt
@@ -0,0 +1,38 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2024-34365: Apache Karaf Cave: Cave SSRF and arbitrary file access 
+
+Severity: important
+
+Affected versions:
+
+- - Apache Karaf Cave, all versions
+
+Description:
+
+** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave.
+
+As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
+
+NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
+
+Credit:
+
+cigar (finder)
+
+References:
+
+https://karaf.apache.org/
+https://www.cve.org/CVERecord?id=CVE-2024-34365
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEEKl6NhJXdZT91PEx+BhEHsPdKbaoFAmY4ztMACgkQBhEHsPdK
+bar7rwf8C6Zsbg/O5M01KmfUo00qtKrI1pxeUPYAmEwhAocLxxvPEUYtpQnv2BlS
+n3b/a6SA8eMo5PtT4dMPFQhsBsCz5ZipHKyWHEQNzM9OGCZBI2p8Lkvng5Z90tcY
+6/76OuTLichYakwuaHX6OOiBTQJm9zNIKcxzT+QpBAO8N4r8olF8EiJORKJkLgrf
+7ykiYDH45ACW0tI+5AbS9XkxRpgyO1GtDtQnGFetDmp/FgaAKUEboZ9Xf1Dx/PGc
+F3QQQV0e/JEo3OMPJV3FZIAV3VqzbanjNIoDKjrfBpxI8OjkPGSmaKlipfrOM33w
+UFNTlJuC8REmW+0wHYWQZp0IEPmQRQ==
+=D7zv
+-----END PGP SIGNATURE-----