CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE

Severity: moderate

Affected versions:

- Apache CXF before 4.0.5, 3.6.4, 3.5.9

Description:

Improper input validation of the p2c parameter in the Apache CXF
JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform
a denial of service attack by specifying a large value for this
parameter in a token.

Credit:

Jingcheng Yang and Jianjun Chen from Sichuan University and
Zhongguancun Lab. (finder)

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-32007
