Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.cxf/cxf-rt-transports-http@4.0.0

Type maven

Namespace org.apache.cxf

Name cxf-rt-transports-http

Version 4.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.0.5

Latest_non_vulnerable_version 4.0.5

Affected_by_vulnerabilities

url VCID-k3hu-vqn3-yuaj

vulnerability_id VCID-k3hu-vqn3-yuaj

summary

Apache CXF allows unrestricted memory consumption in CXF HTTP clients
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run  out of memory

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41172.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41172.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-41172

reference_id

reference_type

scores

value	0.00889
scoring_system	epss
scoring_elements	0.75548
published_at	2026-04-21T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75562
published_at	2026-04-18T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75556
published_at	2026-04-16T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75492
published_at	2026-04-04T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75515
published_at	2026-04-08T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75461
published_at	2026-04-02T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75473
published_at	2026-04-07T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75514
published_at	2026-04-13T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75523
published_at	2026-04-12T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75544
published_at	2026-04-11T12:55:00Z

value	0.00889
scoring_system	epss
scoring_elements	0.75524
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-41172

reference_url

https://github.com/apache/cxf

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/cxf

reference_url

https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-23T17:58:41Z/

url

https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-41172

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-41172

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2298829
reference_id	2298829
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2298829

reference_url

https://github.com/advisories/GHSA-4mgg-fqfq-64hg

reference_id

GHSA-4mgg-fqfq-64hg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4mgg-fqfq-64hg

reference_url	https://access.redhat.com/errata/RHSA-2024:7052
reference_id	RHSA-2024:7052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7052

fixed_packages

url	pkg:maven/org.apache.cxf/cxf-rt-transports-http@4.0.5
purl	pkg:maven/org.apache.cxf/cxf-rt-transports-http@4.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@4.0.5

aliases CVE-2024-41172, GHSA-4mgg-fqfq-64hg

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k3hu-vqn3-yuaj

Fixing_vulnerabilities

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.cxf/cxf-rt-transports-http@4.0.0

Package Instance