CVE-2022-46364 – org.apache.cxf:cxf-core
Package
Manager: maven
Name: org.apache.cxf:cxf-core
Vulnerable Version: >=0 <3.4.10 || >=3.5.0 <3.5.5
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00102 (percentile: 0.28569)
Details
Apache CXF Server-Side Request Forgery vulnerability
An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.
Metadata
Created: 2022-12-13T18:30:26Z
Modified: 2022-12-15T22:00:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-x3x3-qwjq-8gj4/GHSA-x3x3-qwjq-8gj4.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-x3x3-qwjq-8gj4
Finding: F100
Auto approve: 1