#VU18431 Path traversal in Karaf - CVE-2019-0226
Published: May 11, 2019
Karaf
Apache Foundation
Description
The vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the Apache Karaf Config service that provides an install method via service or MBean. A remote authenticated attacker can use directory traversal characters to overwrite arbitrary files on the system.