pkg:maven/org.apache.cxf/cxf-core

Type maven

Namespace org.apache.cxf

Name cxf-core

Known advisories, vulnerabilities and fixes for org.apache.cxf/cxf-core package.

Repository: https://mvnrepository.com/artifact/org.apache.cxf/cxf-core

Critical 1

High 3

Moderate 7

Type	Version	# CVEs	# Advisory ID	Title	Severity	Published
Affected	>= 3.5.0, < 3.5.5 < 3.4.10	CVE-2022-46363	MAVEN:GHSA-3W37-5P3P-JV92	Apache CXF vulnerable to Exposure of Sensitive Information	high	2022-12-13T15:30:27 (21 months ago)
Fixed	= 3.5.5 = 3.4.10	CVE-2022-46363	MAVEN:GHSA-3W37-5P3P-JV92	Apache CXF vulnerable to Exposure of Sensitive Information	high	2022-12-13T15:30:27 (21 months ago)
Affected	>= 2.7.0, < 2.7.11 < 2.6.14	CVE-2014-0109	MAVEN:GHSA-5WQF-H3R3-GXVH	Uncontrolled Resource Consumption in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Fixed	= 2.7.11 = 2.6.14	CVE-2014-0109	MAVEN:GHSA-5WQF-H3R3-GXVH	Uncontrolled Resource Consumption in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Affected	>= 2.7.0, < 2.7.11 < 2.6.14	CVE-2014-0110	MAVEN:GHSA-5XF9-3V63-WW6F	Uncontrolled Resource Consumption in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Fixed	= 2.7.11 = 2.6.14	CVE-2014-0110	MAVEN:GHSA-5XF9-3V63-WW6F	Uncontrolled Resource Consumption in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Affected	< 3.0.16 >= 3.1.0, <= 3.1.13 = 3.2.0	CVE-2017-12624	MAVEN:GHSA-7VGJ-8MW4-HG8R	Improper Input Validation in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Fixed	= 3.0.16 = 3.1.14 = 3.2.1	CVE-2017-12624	MAVEN:GHSA-7VGJ-8MW4-HG8R	Improper Input Validation in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Affected	<= 3.0.12 >= 3.1.0, <= 3.1.10	CVE-2017-5653	MAVEN:GHSA-HGG6-8X62-M9GF	Improper Certificate Validation in Apache CXF	moderate	2022-05-13T01:09:19 (2 years ago)
Fixed	= 3.0.13 = 3.1.11	CVE-2017-5653	MAVEN:GHSA-HGG6-8X62-M9GF	Improper Certificate Validation in Apache CXF	moderate	2022-05-13T01:09:19 (2 years ago)
Affected	>= 4.0.0, < 4.0.4 >= 3.6.0, < 3.6.3 < 3.5.8	CVE-2024-28752	MAVEN:GHSA-QMGX-J96G-4428	SSRF vulnerability using the Aegis DataBinding in Apache CXF	moderate	2024-03-15T12:30:37 (6 months ago)
Fixed	= 4.0.4 = 3.6.3 = 3.5.8	CVE-2024-28752	MAVEN:GHSA-QMGX-J96G-4428	SSRF vulnerability using the Aegis DataBinding in Apache CXF	moderate	2024-03-15T12:30:37 (6 months ago)
Affected	>= 2.7.0, < 2.7.10 < 2.6.13	CVE-2014-0035	MAVEN:GHSA-V45R-RJ5X-HPG2	Cleartext Transmission of Sensitive Information in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Fixed	= 2.7.10 = 2.6.13	CVE-2014-0035	MAVEN:GHSA-V45R-RJ5X-HPG2	Cleartext Transmission of Sensitive Information in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Affected	<= 3.0.12 >= 3.1.0, <= 3.1.10	CVE-2017-5656	MAVEN:GHSA-V936-X3J5-C76J	Session Fixation in Apache CXF	high	2022-05-13T01:09:19 (2 years ago)
Fixed	= 3.0.13 = 3.1.11	CVE-2017-5656	MAVEN:GHSA-V936-X3J5-C76J	Session Fixation in Apache CXF	high	2022-05-13T01:09:19 (2 years ago)
Affected	>= 3.1.0, <= 3.1.8 <= 3.0.11	CVE-2016-6812	MAVEN:GHSA-VW2C-5WPH-V92R	Improper Neutralization of Input During Web Page Generation in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Fixed	= 3.1.9 = 3.0.12	CVE-2016-6812	MAVEN:GHSA-VW2C-5WPH-V92R	Improper Neutralization of Input During Web Page Generation in Apache CXF	moderate	2022-05-13T01:09:20 (2 years ago)
Affected	>= 3.5.0, < 3.5.5 < 3.4.10	CVE-2022-46364	MAVEN:GHSA-X3X3-QWJQ-8GJ4	Apache CXF Server-Side Request Forgery vulnerability	critical	2022-12-13T18:30:26 (21 months ago)
Fixed	= 3.5.5 = 3.4.10	CVE-2022-46364	MAVEN:GHSA-X3X3-QWJQ-8GJ4	Apache CXF Server-Side Request Forgery vulnerability	critical	2022-12-13T18:30:26 (21 months ago)
Affected	>= 3.1.0, <= 3.1.8 <= 3.0.11	CVE-2016-8739	MAVEN:GHSA-X7XF-253V-X3W8	Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS	high	2022-05-13T01:09:20 (2 years ago)
Fixed	= 3.1.9 = 3.0.12	CVE-2016-8739	MAVEN:GHSA-X7XF-253V-X3W8	Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS	high	2022-05-13T01:09:20 (2 years ago)