{"schema_version": "1.6.1", "id": "CVE-2022-22932", "summary": "Path traversal flaws", "details": "Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial\npath traversal which allows to break out of expected folder.\n\nThe risk is low as obr:* commands are not very used and the entry is set by user.\n\nThis has been fixed in revision:\n\nhttps://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4\nhttps://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf\n\nMitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6\nor later as soon as possible, or use correct path.\n\nJIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache Karaf"}, {"fixed": "4.2.15"}]}]}], "references": [{"type": "ADVISORY", "url": "https://karaf.apache.org/security/cve-2022-22932.txt"}]}