Message-ID: <CAB8XdGAOHxx1sk1-RpZyJtvXiZ7sSKKN3aRCnUTLwXBuraAWGw@mail.gmail.com>
Date: Wed, 16 Jun 2021 10:49:44 +0100
From: Colm O hEigeartaigh <coheigea@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely.

This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.

For more information please refer to the CXF security advisories page:
http://cxf.apache.org/security-advisories.html