CVE-2022-46364

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-46364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46364
Aliases
Related
Published
2022-12-13T17:15:17Z
Modified
2024-09-03T04:21:21.227311Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 

References

Affected packages

Git / github.com/apache/cxf

Affected ranges

Type
GIT
Repo
https://github.com/apache/cxf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

cxf-2.*

cxf-2.1
cxf-2.1.2
cxf-2.2
cxf-2.2.1
cxf-2.2.2
cxf-2.3.0
cxf-2.4.0
cxf-2.5.0
cxf-2.5.1
cxf-2.6.0
cxf-2.6.1
cxf-2.7.0
cxf-2.7.1
cxf-2.7.2

cxf-3.*

cxf-3.0.0
cxf-3.0.0-milestone2
cxf-3.0.1
cxf-3.1.0
cxf-3.1.1
cxf-3.1.2
cxf-3.1.3
cxf-3.1.4
cxf-3.2.0
cxf-3.2.1
cxf-3.2.2
cxf-3.2.3
cxf-3.2.4
cxf-3.2.5
cxf-3.3.0
cxf-3.3.1
cxf-3.3.2
cxf-3.3.3
cxf-3.4.0
cxf-3.4.1
cxf-3.4.2
cxf-3.4.3
cxf-3.4.4
cxf-3.4.5
cxf-3.4.6
cxf-3.4.7
cxf-3.4.8
cxf-3.4.9