  1. Camel
  2. CAMEL-19891

Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022-46363

Details

    • Dependency upgrade
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 3.14.9
    • 3.14.10
    • camel-cxf
    • None
    • Unknown

    Description

      Update Apache CXF versions to mitigate CVE-2022-46364

      Apache CXF versions prior to 3.4.10 and 3.5.x prior to 3.5.5 are vulnerable to SSRF while parsing the `href` attribute of `XOP:Include` in MTOM requests. It allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.
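
      An added example, not part of the ticket and not code from the Camel or CXF projects: a check that reads the text output of `mvn dependency:tree` and lists every `org.apache.cxf` artifact resolved below the fixed releases named above. The function names and the sample tree are constructed for illustration; the version ranges are the ones stated in the description.

```python
import re

# Fixed releases as stated in the ticket description.
FIXED_34 = (3, 4, 10)   # everything below this on 3.4.x and older lines
FIXED_35 = (3, 5, 5)    # everything below this on the 3.5.x line

def parse_version(text):
    """'3.4.9' or '3.5.5-SNAPSHOT' -> (3, 4, 9); None if not numeric.
    Qualifiers such as -SNAPSHOT are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """True if the version falls in the ranges the ticket describes."""
    v = parse_version(version)
    if v is None:
        return True                  # fail closed on unparsable versions
    if v[:2] == (3, 5):
        return v < FIXED_35
    return v < FIXED_34              # later lines (3.6+, 4.x) compare False

def scan_dependency_tree(text):
    """Return [(artifactId, version)] for affected org.apache.cxf artifacts."""
    findings = []
    for token in re.findall(r"org\.apache\.cxf:[^\s)]+", text):
        parts = token.split(":")
        # group:artifact:type:version[:scope] or
        # group:artifact:type:classifier:version:scope
        if len(parts) in (4, 5):
            version = parts[3]
        elif len(parts) == 6:
            version = parts[4]
        else:
            continue
        if is_affected(version):
            findings.append((parts[1], version))
    return findings

# Constructed sample output; the CXF versions are made up for the demo.
SAMPLE_TREE = r"""
[INFO] +- org.apache.camel:camel-cxf:jar:3.14.9:compile
[INFO] |  +- org.apache.cxf:cxf-core:jar:3.4.9:compile
[INFO] |  +- org.apache.cxf:cxf-rt-frontend-jaxws:jar:3.4.10:compile
[INFO] |  \- org.apache.cxf:cxf-rt-transports-http:jar:3.5.4:compile
[INFO] \- org.apache.cxf:cxf-rt-ws-security:jar:3.5.5:compile
"""

if __name__ == "__main__":
    for artifact, version in scan_dependency_tree(SAMPLE_TREE):
        print(f"needs upgrade: {artifact} {version}")
```

      Run it in CI against the real `mvn dependency:tree` output to catch CXF artifacts that a transitive dependency still pins to an older release.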

            People

              Unassigned Unassigned
              adavila Alan Dávila