VYPR

Neethi

by Apache

CVEs (3)

  • CVE-2026-42403 | High | May 1, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause…

  • CVE-2026-42402 | High | May 1, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory…

  • CVE-2026-42404 | Medium | May 1, 2026
    risk 0.42 | cvss 6.5 | epss 0.01

    Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and…