oss-sec mailing list archives
CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter
From: Colm O hEigeartaigh <coheigea () apache org>
Date: Wed, 16 Jun 2021 10:49:44 +0100
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. For more information please refer to the CXF security advisories page: http://cxf.apache.org/security-advisories.html
Current thread:
- CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter Colm O hEigeartaigh (Jun 16)