Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cxf
(Apache)| Repositories | https://github.com/apache/cxf |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-03-15 | CVE-2024-28752 | A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. | Cxf, Oncommand_workflow_automation, Ontap_tools | N/A | ||
| 2025-01-21 | CVE-2025-23184 | A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients). | Cxf | 7.5 |