Search for packages
| purl | pkg:rpm/redhat/eap8-apache-cxf@4.0.4-1.redhat_00001.1?arch=el8eap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8mj8-rxf8-qyau
Aliases: CVE-2024-29371 GHSA-3677-xxcr-wjqv |
jose4j is vulnerable to DoS via compressed JWE content In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. | There are no reported fixed by versions. |
|
VCID-efw6-swgm-4fbc
Aliases: CVE-2024-28752 GHSA-qmgx-j96g-4428 |
SSRF vulnerability using the Aegis DataBinding in Apache CXF A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:49:08.080778+00:00 | RedHat Importer | Affected by | VCID-efw6-swgm-4fbc | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28752.json | 38.0.0 |
| 2026-04-01T13:33:27.943116+00:00 | RedHat Importer | Affected by | VCID-8mj8-rxf8-qyau | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29371.json | 38.0.0 |