CVE-2024-29736: SSRF vulnerability via WADL stylesheet parameter
Severity: important
Affected versions:
- Apache CXF before 3.5.9, 3.6.4, 4.0.5
Description:
An SSRF vulnerability in WADL service description in versions of Apache
CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SS

CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE
Severity: moderate
Affected versions:
- Apache CXF before 4.0.5, 3.6.4, 3.5.9
Description:
An improper input validation of the p2c parameter in the Apache CXF
JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perfor

CVE-2024-41172: Unrestricted memory consumption in CXF HTTP clients
Severity: low
Affected versions:
- Apache CXF 3.6.0, 4.0.0 before 3.6.4, 4.0.5
Description:
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower
versions are not impacted), a CXF HTTP client conduit may prevent
HT

The Project Management Committee (PMC) for Apache CXF
has invited Jamie Goodyear to become a committer and we are pleased
to announce that he has accepted.
Jamie Goodyear has been really stepping up in getting tests fixed and making
things run around IBM and Red Hat JVMs. He had put in a lot

Welcome onboard, Jamie!
On Thu, Jul 18, 2024 at 4:55 PM Andriy Redko wrote:
>
> The Project Management Committee (PMC) for Apache CXF
> has invited Jamie Goodyear to become a committer and we are pleased
> to announce that he has accepted.
>
> Jamie Goodyear has been really stepping up in getting