High severity · NVD Advisory · Published Jul 19, 2024 · Updated Nov 15, 2024
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
CVE-2024-29736
Description
An SSRF vulnerability in the WADL service description of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured; deployments that expose WADL without such a parameter are not exploitable through this issue, but the fix in either case is to upgrade to a patched release.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched version |
|---|---|---|---|
| org.apache.cxf:cxf-rt-rs-service-description | Maven | >= 4.0.0, < 4.0.5 | 4.0.5 |
| org.apache.cxf:cxf-rt-rs-service-description | Maven | >= 3.6.0, < 3.6.4 | 3.6.4 |
| org.apache.cxf:cxf-rt-rs-service-description | Maven | < 3.5.9 | 3.5.9 |
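As a triage aid, the following Python script is an added example (not code from the advisory or from the Apache CXF project): it classifies a declared `org.apache.cxf:cxf-rt-rs-service-description` version against the three affected ranges listed above, and scans a pom.xml for that artifact, resolving `${cxf.version}`-style property references. The sample POM, the helper names and the rule of ignoring version qualifiers such as `-SNAPSHOT` are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as listed in the advisory table:
# (lower bound inclusive, upper bound exclusive, patched release).
# "< 3.5.9" has no lower bound, so every older 3.x or 2.x release falls in it.
AFFECTED_RANGES = [
    ((4, 0, 0), (4, 0, 5), "4.0.5"),
    ((3, 6, 0), (3, 6, 4), "3.6.4"),
    ((0, 0, 0), (3, 5, 9), "3.5.9"),
]

ARTIFACT = ("org.apache.cxf", "cxf-rt-rs-service-description")


def parse_version(version):
    """Numeric (major, minor, patch) of a Maven version string.

    Qualifiers such as -SNAPSHOT are ignored (an assumption of this example),
    so a 4.0.5-SNAPSHOT built before the fix landed compares as 4.0.5;
    treat snapshot builds as unverified.
    """
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def patched_version_for(version):
    """Patched release for an affected version, or None if it is in no range."""
    v = parse_version(version)
    for lo, hi, patched in AFFECTED_RANGES:
        if lo <= v < hi:
            return patched
    return None


def is_affected(version):
    return patched_version_for(version) is not None


def _local(tag):
    # Strip the Maven POM namespace so tags compare by local name.
    return tag.rsplit("}", 1)[-1]


def find_cxf_wadl_versions(pom_xml):
    """Declared versions of the WADL artifact in a pom.xml string.

    ${property} references are resolved from <properties>; versions inherited
    from a parent POM or a BOM are not visible here.
    """
    root = ET.fromstring(pom_xml)
    props = {}
    for node in root.iter():
        if _local(node.tag) == "properties":
            props.update({_local(c.tag): (c.text or "").strip() for c in node})
    found = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) != ARTIFACT:
            continue
        raw = f.get("version", "")
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), raw)
        found.append(resolved)
    return found


def scan_pom(pom_xml):
    """(version, affected?, patched release) for each declared WADL dependency."""
    return [(v, is_affected(v), patched_version_for(v))
            for v in find_cxf_wadl_versions(pom_xml)]


# Constructed sample POM (not from any real project) pinning CXF 3.6.3.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>rest-app</artifactId>
  <version>1.0</version>
  <properties>
    <cxf.version>3.6.3</cxf.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-frontend-jaxrs</artifactId>
      <version>${cxf.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-rs-service-description</artifactId>
      <version>${cxf.version}</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for version, affected, patched in scan_pom(SAMPLE_POM):
        state = f"AFFECTED, upgrade to {patched}" if affected else "not in an affected range"
        print(f"{ARTIFACT[1]} {version}: {state}")
```

A declared version is only a first pass: Maven may inherit the version from a parent POM or a BOM in `dependencyManagement`, and the artifact may arrive transitively, so confirm what is actually on the classpath with `mvn dependency:tree`. A version inside an affected range is exploitable only when the custom stylesheet parameter noted in the description is configured, but the remediation is the listed upgrade either way.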
References
- github.com/advisories/GHSA-5m3j-pxh7-455p (GitHub Security Advisory)
- lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2 (Apache vendor advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-29736 (NVD entry)
- github.com/apache/cxf/commit/378afe1acb7503315bc63555c8743db0f55d8312 (Apache CXF commit)
- github.com/apache/cxf/commit/bafb0cadf723fc3962031c34f1f20dc0e8b7a36b (Apache CXF commit)
- github.com/apache/cxf/commit/df2241c59481a57aebb1c0693b778a35baaf5570 (Apache CXF commit)