VYPR
High severityNVD Advisory· Published Jun 16, 2021· Updated Aug 3, 2024

Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

CVE-2021-30468

Description

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.cxf:apache-cxfMaven
>= 3.4.0, < 3.4.43.4.4
org.apache.cxf:apache-cxfMaven
< 3.3.113.3.11
org.apache.cxf:cxfMaven
>= 3.4.0, < 3.4.43.4.4
org.apache.cxf:cxfMaven
< 3.3.113.3.11

Affected products

3

Patches

Vulnerability mechanics

References

28

News mentions

0

No linked articles in our index yet.