Moderate severityNVD Advisory· Published Jul 19, 2024· Updated Sep 13, 2024
Apache CXF Denial of Service vulnerability in JOSE
CVE-2024-32007
Description
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.cxf:cxf-rt-rs-security-joseMaven | >= 4.0.0, < 4.0.5 | 4.0.5 |
org.apache.cxf:cxf-rt-rs-security-joseMaven | >= 3.6.0, < 3.6.4 | 3.6.4 |
org.apache.cxf:cxf-rt-rs-security-joseMaven | < 3.5.9 | 3.5.9 |
Affected products
2Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-6pff-fmh2-4mmfghsaADVISORY
- lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-32007ghsaADVISORY
- github.com/apache/cxf/commit/20793d3fed2e73e2785a58ec5b47403306ae4a5cghsaWEB
- github.com/apache/cxf/commit/2d2baa3455db7439bf1ed4e00edfc5a7106edf7dghsaWEB
- github.com/apache/cxf/commit/d1d77c34c199c2c87ebcfe23e3c81dccfe2e2473ghsaWEB
News mentions
0No linked articles in our index yet.