VulnerableCode Package Details - pkg:maven/org.apache.cxf/cxf@3.5.5

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-xzs8-rbhd-mkbp	Apache CXF vulnerable to Exposure of Sensitive Information A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.	CVE-2022-46363 GHSA-3w37-5p3p-jv92
VCID-y8up-mkx2-abcn	Apache CXF Server-Side Request Forgery vulnerability A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.	CVE-2022-46364 GHSA-x3x3-qwjq-8gj4

Vulnerability

Summary

Aliases

VCID-xzs8-rbhd-mkbp

Apache CXF vulnerable to Exposure of Sensitive Information A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.

CVE-2022-46363
GHSA-3w37-5p3p-jv92

VCID-y8up-mkx2-abcn

Apache CXF Server-Side Request Forgery vulnerability A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

CVE-2022-46364
GHSA-x3x3-qwjq-8gj4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:18:04.729536+00:00	GitLab Importer	Fixing	VCID-xzs8-rbhd-mkbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46363.yml	38.4.0
2026-04-16T22:17:57.743232+00:00	GitLab Importer	Fixing	VCID-y8up-mkx2-abcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46364.yml	38.4.0
2026-04-11T23:35:36.167574+00:00	GitLab Importer	Fixing	VCID-xzs8-rbhd-mkbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46363.yml	38.3.0
2026-04-11T23:35:27.702972+00:00	GitLab Importer	Fixing	VCID-y8up-mkx2-abcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46364.yml	38.3.0
2026-04-02T23:40:12.883440+00:00	GitLab Importer	Fixing	VCID-xzs8-rbhd-mkbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46363.yml	38.1.0
2026-04-02T23:40:05.984819+00:00	GitLab Importer	Fixing	VCID-y8up-mkx2-abcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46364.yml	38.1.0
2026-04-01T18:02:43.845133+00:00	GitLab Importer	Fixing	VCID-xzs8-rbhd-mkbp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46363.yml	38.0.0
2026-04-01T18:02:35.939503+00:00	GitLab Importer	Fixing	VCID-y8up-mkx2-abcn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf/CVE-2022-46364.yml	38.0.0