Details
Description
Update Apache CXF versions to mitigate CVE-2022-46364
Apache CXF versions prior to 3.4.10 and 3.5.x prior to 3.5.5 is vulnerable to SSRF while parsing the `href` attribute of `XOP:Include` in MTOM requests. It allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
Attachments
Issue Links
- links to