Apache Karaf is an open source, modern, multi-format, lightweight, powerful, OSGI-certified enterprise container that provides many features to help developers and users deploy applications more flexibly.A path traversal vulnerability exists in Apache Karaf. The vulnerability is related to the obr:* command. An attacker could exploit this vulnerability to conduct path traversal attacks.