VYPR

Maven package

org.apache.neethi/neethi

pkg:maven/org.apache.neethi/neethi

Vulnerabilities (3)

  • CVE-2026-42404 | Medium | May 1, 2026
    affected < 3.2.2 | fixed 3.2.2

    Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and int

  • CVE-2026-42403 | High | May 1, 2026
    affected < 3.2.2 | fixed 3.2.2

    Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause exc

  • CVE-2026-42402 | High | May 1, 2026
    affected < 3.2.2 | fixed 3.2.2

    Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocati