pkg:maven/org.apache.cxf/cxf-core
Type
maven
Namespace
org.apache.cxf
Name
cxf-core
Known advisories, vulnerabilities and fixes for org.apache.cxf/cxf-core package.
Critical
1
High
3
Moderate
7
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 3.5.0, < 3.5.5 < 3.4.10 |
CVE-2022-46363
|
MAVEN:GHSA-3W37-5P3P-JV92 | Apache CXF vulnerable to Exposure of Sensitive Information | high |
2022-12-13T15:30:27
(21 months ago) |
|
Fixed | = 3.5.5 = 3.4.10 |
CVE-2022-46363
|
MAVEN:GHSA-3W37-5P3P-JV92 | Apache CXF vulnerable to Exposure of Sensitive Information | high |
2022-12-13T15:30:27
(21 months ago) |
|
Affected | >= 2.7.0, < 2.7.11 < 2.6.14 |
CVE-2014-0109
|
MAVEN:GHSA-5WQF-H3R3-GXVH | Uncontrolled Resource Consumption in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Fixed | = 2.7.11 = 2.6.14 |
CVE-2014-0109
|
MAVEN:GHSA-5WQF-H3R3-GXVH | Uncontrolled Resource Consumption in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Affected | >= 2.7.0, < 2.7.11 < 2.6.14 |
CVE-2014-0110
|
MAVEN:GHSA-5XF9-3V63-WW6F | Uncontrolled Resource Consumption in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Fixed | = 2.7.11 = 2.6.14 |
CVE-2014-0110
|
MAVEN:GHSA-5XF9-3V63-WW6F | Uncontrolled Resource Consumption in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Affected | < 3.0.16 >= 3.1.0, <= 3.1.13 = 3.2.0 |
CVE-2017-12624
|
MAVEN:GHSA-7VGJ-8MW4-HG8R | Improper Input Validation in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Fixed | = 3.0.16 = 3.1.14 = 3.2.1 |
CVE-2017-12624
|
MAVEN:GHSA-7VGJ-8MW4-HG8R | Improper Input Validation in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Affected | <= 3.0.12 >= 3.1.0, <= 3.1.10 |
CVE-2017-5653
|
MAVEN:GHSA-HGG6-8X62-M9GF | Improper Certificate Validation in Apache CXF | moderate |
2022-05-13T01:09:19
(2 years ago) |
|
Fixed | = 3.0.13 = 3.1.11 |
CVE-2017-5653
|
MAVEN:GHSA-HGG6-8X62-M9GF | Improper Certificate Validation in Apache CXF | moderate |
2022-05-13T01:09:19
(2 years ago) |
|
Affected | >= 4.0.0, < 4.0.4 >= 3.6.0, < 3.6.3 < 3.5.8 |
CVE-2024-28752
|
MAVEN:GHSA-QMGX-J96G-4428 | SSRF vulnerability using the Aegis DataBinding in Apache CXF | moderate |
2024-03-15T12:30:37
(6 months ago) |
|
Fixed | = 4.0.4 = 3.6.3 = 3.5.8 |
CVE-2024-28752
|
MAVEN:GHSA-QMGX-J96G-4428 | SSRF vulnerability using the Aegis DataBinding in Apache CXF | moderate |
2024-03-15T12:30:37
(6 months ago) |
|
Affected | >= 2.7.0, < 2.7.10 < 2.6.13 |
CVE-2014-0035
|
MAVEN:GHSA-V45R-RJ5X-HPG2 | Cleartext Transmission of Sensitive Information in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Fixed | = 2.7.10 = 2.6.13 |
CVE-2014-0035
|
MAVEN:GHSA-V45R-RJ5X-HPG2 | Cleartext Transmission of Sensitive Information in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Affected | <= 3.0.12 >= 3.1.0, <= 3.1.10 |
CVE-2017-5656
|
MAVEN:GHSA-V936-X3J5-C76J | Session Fixation in Apache CXF | high |
2022-05-13T01:09:19
(2 years ago) |
|
Fixed | = 3.0.13 = 3.1.11 |
CVE-2017-5656
|
MAVEN:GHSA-V936-X3J5-C76J | Session Fixation in Apache CXF | high |
2022-05-13T01:09:19
(2 years ago) |
|
Affected | >= 3.1.0, <= 3.1.8 <= 3.0.11 |
CVE-2016-6812
|
MAVEN:GHSA-VW2C-5WPH-V92R | Improper Neutralization of Input During Web Page Generation in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Fixed | = 3.1.9 = 3.0.12 |
CVE-2016-6812
|
MAVEN:GHSA-VW2C-5WPH-V92R | Improper Neutralization of Input During Web Page Generation in Apache CXF | moderate |
2022-05-13T01:09:20
(2 years ago) |
|
Affected | >= 3.5.0, < 3.5.5 < 3.4.10 |
CVE-2022-46364
|
MAVEN:GHSA-X3X3-QWJQ-8GJ4 | Apache CXF Server-Side Request Forgery vulnerability | critical |
2022-12-13T18:30:26
(21 months ago) |
|
Fixed | = 3.5.5 = 3.4.10 |
CVE-2022-46364
|
MAVEN:GHSA-X3X3-QWJQ-8GJ4 | Apache CXF Server-Side Request Forgery vulnerability | critical |
2022-12-13T18:30:26
(21 months ago) |
|
Affected | >= 3.1.0, <= 3.1.8 <= 3.0.11 |
CVE-2016-8739
|
MAVEN:GHSA-X7XF-253V-X3W8 | Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS | high |
2022-05-13T01:09:20
(2 years ago) |
|
Fixed | = 3.1.9 = 3.0.12 |
CVE-2016-8739
|
MAVEN:GHSA-X7XF-253V-X3W8 | Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS | high |
2022-05-13T01:09:20
(2 years ago) |