Severity: 6.5 MEDIUM
EPSS: 3.6% (top 12.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 21; Latest update Apr 4

Description

Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https:
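The deployer behaviour described above, reproduced as an added example that is not Karaf's own code: a .kar (a plain zip) is built in memory with a "repository/../../escaped.txt" entry, an unchecked prefix-strip-and-write lets that entry land outside the repository directory, and a canonical-path containment check rejects it before anything is written. The archive contents, the KARAF_HOME/system and KARAF_HOME/etc layout under a temporary directory, and all function names are constructed for the example; the pre-4.2.3 code path is reconstructed from the description, not copied from the project.

```python
import io
import os
import tempfile
import zipfile

# A .kar is a plain zip; both archives below are constructed for the example.
def build_kar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)  # entry names are stored verbatim, ".." included
    return buf.getvalue()

BENIGN_KAR = build_kar({
    "repository/org/example/lib/1.0/lib-1.0.jar": b"jar bytes",
    "resources/etc/example.cfg": b"key=value\n",
})

# Crafted archive: once "repository/" is stripped, the remaining path climbs
# two levels above the repo directory (here KARAF_HOME/system -> its grandparent).
MALICIOUS_KAR = build_kar({
    "repository/org/example/lib/1.0/lib-1.0.jar": b"jar bytes",
    "repository/../../escaped.txt": b"landed outside the Karaf directories\n",
})

class ZipSlipError(ValueError):
    pass

def _routes(repo_dir, resources_dir):
    # entry prefix -> destination directory, as the kar deployer maps them
    return (("repository/", repo_dir), ("resources/", resources_dir))

def extract_unsafe(kar_bytes, repo_dir, resources_dir):
    """Vulnerable pattern (reconstructed): strip the prefix, write wherever the rest points."""
    written = []
    with zipfile.ZipFile(io.BytesIO(kar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            for prefix, dest in _routes(repo_dir, resources_dir):
                if info.filename.startswith(prefix):
                    out = os.path.join(dest, info.filename[len(prefix):])
                    os.makedirs(os.path.dirname(out), exist_ok=True)
                    with open(out, "wb") as f:
                        f.write(zf.read(info))
                    written.append(os.path.normpath(out))
    return written

def safe_target(dest, relative):
    """Canonical write path for an entry, or ZipSlipError if it escapes dest.
    realpath() folds '..', absolute names and existing symlinked components
    before the containment check; a string test on the raw name is never trusted."""
    base = os.path.realpath(dest)
    candidate = os.path.realpath(os.path.join(base, relative))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ZipSlipError(f"entry escapes {dest}: {relative!r}")
    return candidate

def extract_safe(kar_bytes, repo_dir, resources_dir):
    """Hardened: validate every entry first, then write, so a bad archive leaves nothing."""
    plan, written = [], []
    with zipfile.ZipFile(io.BytesIO(kar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            for prefix, dest in _routes(repo_dir, resources_dir):
                if info.filename.startswith(prefix):
                    plan.append((safe_target(dest, info.filename[len(prefix):]), info))
        for out, info in plan:
            os.makedirs(os.path.dirname(out), exist_ok=True)
            with open(out, "wb") as f:
                f.write(zf.read(info))
            written.append(out)
    return written

def _karaf_dirs(root):
    # sandboxed stand-ins for KARAF_HOME/system (repo) and KARAF_HOME/etc (resources)
    repo = os.path.join(root, "karaf", "system")
    res = os.path.join(root, "karaf", "etc")
    os.makedirs(repo)
    os.makedirs(res)
    return repo, res

def run_demo():
    """Run both extractors against the crafted archive inside temp directories."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        repo, res = _karaf_dirs(root)
        extract_unsafe(MALICIOUS_KAR, repo, res)
        results["unsafe_escaped"] = os.path.isfile(os.path.join(root, "escaped.txt"))
    with tempfile.TemporaryDirectory() as root:
        repo, res = _karaf_dirs(root)
        try:
            extract_safe(MALICIOUS_KAR, repo, res)
            results["safe_rejected"] = False
        except ZipSlipError:
            results["safe_rejected"] = True
        results["safe_wrote_nothing"] = not os.listdir(repo) and not os.listdir(res)
        results["benign_written"] = len(extract_safe(BENIGN_KAR, repo, res))
    return results
```

The unsafe extractor drops the crafted entry two directories above the repo, which in a real deployment means anywhere the Karaf process can write, including its own etc/ and deploy/ directories. The hardened version resolves each destination with realpath() and requires the result to remain under the destination directory; checking all entries before writing any of them matters, because a partially extracted archive is itself a foothold.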

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: apache/karaf < 4.2.3
Maven: org.apache.karaf:karaf < 4.2.3
CVEListV5: apache/apache_karaf, Apache Karaf version prior to 4.2.3

🔴 Vulnerability Details (3)

OSV: Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf (2019-03-25)
GHSA: Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf (2019-03-25)
CVEList: CVE-2019-0191: Apache Karaf kar deployer reads (2019-03-20)

📋 Vendor Advisories (1)

Red Hat: karaf: Zip-slip vulnerability via kar file (2019-03-07)

💬 Community (1)

Bugzilla: CVE-2019-0191 karaf: Zip-slip vulnerability via kar file (2019-04-04)
CVE-2019-0191 (MEDIUM CVSS 6.5) | Apache Karaf kar deployer reads .ka | cvebase.io