Camel / CAMEL-19891

Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022-46363


Details

    • Type: Dependency upgrade
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.14.9
    • Fix Version/s: 3.14.10
    • Component/s: camel-cxf
    • None
    • Unknown

    Description

      Update Apache CXF versions to mitigate CVE-2022-46364

      Apache CXF versions prior to 3.4.10 and 3.5.x prior to 3.5.5 are vulnerable to SSRF while parsing the `href` attribute of `XOP:Include` in MTOM requests. It allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
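
To check a build against the version ranges in the description, the following added example (not part of the issue or of the Camel/CXF code base) scans `mvn dependency:list` output for CXF artifacts older than 3.4.10, or on 3.5.x older than 3.5.5. The sample dependency lines and the function names are constructed for illustration, and flagging qualified builds of a fixed version is an assumption made here.

```python
import re

# Fixed releases named in the issue description.
FIXED_34 = (3, 4, 10)   # everything below this is affected
FIXED_35 = (3, 5, 5)    # 3.5.x below this is affected

# Coordinates as printed by `mvn dependency:list`:
#   group:artifact:type[:classifier]:version:scope
COORD = re.compile(
    r"(org\.apache\.cxf(?:\.[\w.\-]+)?):([\w.\-]+):[\w\-]+(?::[\w.\-]+)?:(\d[\w.\-]*):\w+"
)

def is_affected(version):
    """True if a CXF version string falls in the ranges given in the issue."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", version)
    nums = [int(n) for n in m.group(1).split(".")][:3]
    v = tuple(nums + [0] * (3 - len(nums)))
    fixed = FIXED_35 if v[:2] == (3, 5) else FIXED_34
    # Assumption: a qualified build of the fixed version (e.g. 3.5.5-SNAPSHOT)
    # may predate the release, so it is conservatively reported as affected.
    return v < fixed or (v == fixed and bool(m.group(2)))

def affected_cxf(dependency_list_output):
    """Return (artifact, version) pairs for CXF dependencies that need upgrading."""
    hits = []
    for line in dependency_list_output.splitlines():
        m = COORD.search(line)
        if m and is_affected(m.group(3)):
            hits.append((m.group(2), m.group(3)))
    return hits

# Constructed sample of `mvn dependency:list` output.
SAMPLE = """\
[INFO]    org.apache.cxf:cxf-core:jar:3.4.9:compile
[INFO]    org.apache.cxf:cxf-rt-frontend-jaxws:jar:3.5.4:compile
[INFO]    org.apache.cxf:cxf-rt-transports-http:jar:3.5.5:compile
[INFO]    org.apache.cxf:cxf-testutils:jar:tests:3.4.10:test
[INFO]    org.apache.camel:camel-cxf:jar:3.14.9:compile
"""

if __name__ == "__main__":
    for artifact, version in affected_cxf(SAMPLE):
        print(f"upgrade needed: {artifact} {version}")
```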

          People

            Assignee: Unassigned
            Reporter: adavila Alan Dávila