[CAMEL-19891] Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022-46363 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.14.9
Fix Version/s: 3.14.10
Component/s: camel-cxf
Labels:
None

Estimated Complexity:
Unknown

Description

Update Apache CXF versions to mitigate CVE-2022-46364

Apache CXF versions prior to 3.4.10 and 3.5.x prior to 3.5.5 is vulnerable to SSRF while parsing the `href` attribute of `XOP:Include` in MTOM requests. It allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

Attachments

Issue Links

links to

GitHub Pull Request #11541

Activity

People

Assignee:: Unassigned

Reporter:: Alan Dávila

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 20/Sep/23 15:09

Updated:: 24/Sep/23 08:44

Resolved:: 24/Sep/23 08:44