cvelist/2024/34xxx/CVE-2024-34365.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-34365",
        "ASSIGNER": "security@apache.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-20 Improper Input Validation",
                        "cweId": "CWE-20"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Apache Software Foundation",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache Karaf Cave",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "0",
                                            "version_value": "*"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://karaf.apache.org/security/cve-2024-34365.txt",
                "refsource": "MISC",
                "name": "https://karaf.apache.org/security/cve-2024-34365.txt"
            },
            {
                "url": "http://www.openwall.com/lists/oss-security/2024/05/09/5",
                "refsource": "MISC",
                "name": "http://www.openwall.com/lists/oss-security/2024/05/09/5"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "credits": [
        {
            "lang": "en",
            "value": "cigar"
        }
    ]
}
"-Synchronized-Data." 2024-05-02 12:00:36 +00:00			`{`
"-Synchronized-Data." 2024-05-09 07:00:32 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-05-02 12:00:36 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-34365",`
"-Synchronized-Data." 2024-05-09 07:00:32 +00:00			`"ASSIGNER": "security@apache.org",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-05-02 12:00:36 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-05-09 07:00:32 +00:00			`"value": " UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-20 Improper Input Validation",`
			`"cweId": "CWE-20"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Apache Software Foundation",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Apache Karaf Cave",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "0",`
			`"version_value": "*"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://karaf.apache.org/security/cve-2024-34365.txt",`
			`"refsource": "MISC",`
			`"name": "https://karaf.apache.org/security/cve-2024-34365.txt"`
"-Synchronized-Data." 2024-06-10 17:00:52 +00:00			`},`
			`{`
			`"url": "http://www.openwall.com/lists/oss-security/2024/05/09/5",`
			`"refsource": "MISC",`
			`"name": "http://www.openwall.com/lists/oss-security/2024/05/09/5"`
"-Synchronized-Data." 2024-05-02 12:00:36 +00:00			`}`
			`]`
"-Synchronized-Data." 2024-05-09 07:00:32 +00:00			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "cigar"`
			`}`
			`]`
"-Synchronized-Data." 2024-05-02 12:00:36 +00:00			`}`