VulnerableCode Package Details - pkg:maven/org.apache.cxf/cxf@3.3.11

Search for packages

Vulnerability	Summary	Fixed by
VCID-xzs8-rbhd-mkbp Aliases: CVE-2022-46363 GHSA-3w37-5p3p-jv92	Apache CXF vulnerable to Exposure of Sensitive Information A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.	3.4.10 Affected by 0 other vulnerabilities. 3.5.5 Affected by 0 other vulnerabilities.
VCID-y8up-mkx2-abcn Aliases: CVE-2022-46364 GHSA-x3x3-qwjq-8gj4	Apache CXF Server-Side Request Forgery vulnerability A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.	3.4.10 Affected by 0 other vulnerabilities. 3.5.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-xzs8-rbhd-mkbp
Aliases:
CVE-2022-46363
GHSA-3w37-5p3p-jv92

Apache CXF vulnerable to Exposure of Sensitive Information A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.

3.4.10
Affected by 0 other vulnerabilities.

3.5.5
Affected by 0 other vulnerabilities.

VCID-y8up-mkx2-abcn
Aliases:
CVE-2022-46364
GHSA-x3x3-qwjq-8gj4

Apache CXF Server-Side Request Forgery vulnerability A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

3.4.10
Affected by 0 other vulnerabilities.

3.5.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8j88-zqx2-53hr	Uncontrolled Resource Consumption A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.	CVE-2021-30468 GHSA-g23v-p5jq-jvh4

Vulnerability

Summary

Aliases

VCID-8j88-zqx2-53hr

Uncontrolled Resource Consumption A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.

CVE-2021-30468
GHSA-g23v-p5jq-jvh4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:18:04.655446+00:00	GitLab Importer	Affected by	VCID-xzs8-rbhd-mkbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46363.yml	38.4.0
2026-04-16T22:17:57.672796+00:00	GitLab Importer	Affected by	VCID-y8up-mkx2-abcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46364.yml	38.4.0
2026-04-16T21:37:04.620446+00:00	GitLab Importer	Fixing	VCID-8j88-zqx2-53hr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2021-30468.yml	38.4.0
2026-04-11T23:35:36.085649+00:00	GitLab Importer	Affected by	VCID-xzs8-rbhd-mkbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46363.yml	38.3.0
2026-04-11T23:35:27.626755+00:00	GitLab Importer	Affected by	VCID-y8up-mkx2-abcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46364.yml	38.3.0
2026-04-11T22:51:01.495042+00:00	GitLab Importer	Fixing	VCID-8j88-zqx2-53hr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2021-30468.yml	38.3.0
2026-04-02T23:40:12.814335+00:00	GitLab Importer	Affected by	VCID-xzs8-rbhd-mkbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46363.yml	38.1.0
2026-04-02T23:40:05.914753+00:00	GitLab Importer	Affected by	VCID-y8up-mkx2-abcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46364.yml	38.1.0
2026-04-02T23:00:26.478045+00:00	GitLab Importer	Fixing	VCID-8j88-zqx2-53hr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2021-30468.yml	38.1.0
2026-04-01T18:02:43.763632+00:00	GitLab Importer	Affected by	VCID-xzs8-rbhd-mkbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46363.yml	38.0.0
2026-04-01T18:02:35.850800+00:00	GitLab Importer	Affected by	VCID-y8up-mkx2-abcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46364.yml	38.0.0
2026-04-01T15:59:13.364461+00:00	GHSA Importer	Fixing	VCID-8j88-zqx2-53hr	https://github.com/advisories/GHSA-g23v-p5jq-jvh4	38.0.0
2026-04-01T13:05:39.700017+00:00	GithubOSV Importer	Fixing	VCID-8j88-zqx2-53hr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-g23v-p5jq-jvh4/GHSA-g23v-p5jq-jvh4.json	38.0.0
2026-04-01T12:49:14.390777+00:00	GitLab Importer	Fixing	VCID-8j88-zqx2-53hr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2021-30468.yml	38.0.0