VulnerableCode Package Details - pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.0.1

Vulnerability	Summary	Fixed by
VCID-gtfj-ry3n-aaae Aliases: CVE-2020-13954 GHSA-64x2-gq24-75pv	Cross-site scripting in Apache CXF	3.3.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.4.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jv7g-f1zc-aaas Aliases: CVE-2017-12624 GHSA-7vgj-8mw4-hg8r	Uncontrolled Resource Consumption It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider.	3.0.16 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.14 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zggp-qr1y-aaaf Aliases: CVE-2021-22696 GHSA-7q4h-pj78-j7vg	Authorization service vulnerable to DDos attacks in Apache CFX	3.3.10 Affected by 0 other vulnerabilities. 3.4.3 Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-vq6d-cmr8-aaah	Denial of Service (DoS) via invalid JAX-RS SAML tokens The `SamlHeaderInHandler` in this package allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.	CVE-2014-3584 GHSA-gw5j-77f9-v2g2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T15:40:46.215266+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	None	36.1.3
2025-06-20T15:40:24.506074+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	36.1.3
2025-06-20T15:00:47.467280+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	36.1.3
2025-06-20T15:00:46.854151+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	None	36.1.3
2025-06-20T14:53:18.109210+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	36.1.3
2025-06-20T14:53:13.567116+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	None	36.1.3
2025-06-20T13:58:45.286396+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	None	36.1.3
2025-06-20T13:58:45.182431+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	36.1.3
2025-06-03T22:21:02.948347+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	None	36.1.0
2025-06-03T22:20:41.666621+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	36.1.0
2025-06-03T21:44:02.616098+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	36.1.0
2025-06-03T21:44:02.100872+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	None	36.1.0
2025-06-03T21:36:57.047825+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	36.1.0
2025-06-03T21:36:52.254749+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	None	36.1.0
2025-06-03T20:50:38.157452+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	None	36.1.0
2025-06-03T20:50:38.069172+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	36.1.0
2025-06-02T22:09:53.549934+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	None	36.1.2
2025-06-02T22:09:29.915202+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	36.1.2
2025-06-02T21:27:39.236693+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	36.1.2
2025-06-02T21:27:38.582929+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	None	36.1.2
2025-06-02T21:19:31.725422+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	36.1.2
2025-06-02T21:19:26.507031+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	None	36.1.2
2025-06-02T20:30:22.464104+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	None	36.1.2
2025-06-02T20:30:22.358039+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	36.1.2
2025-04-03T19:38:07.775453+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	None	36.0.0
2025-04-03T19:37:32.048728+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	36.0.0
2025-04-03T18:17:19.094766+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	36.0.0
2025-04-03T18:17:17.486306+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	None	36.0.0
2025-04-03T18:02:37.692451+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	36.0.0
2025-04-03T18:02:25.024077+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	None	36.0.0
2025-04-03T16:45:36.152741+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	None	36.0.0
2025-04-03T16:45:35.877961+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	36.0.0
2025-02-18T06:28:04.968573+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	35.1.0
2025-02-18T06:28:04.417479+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	None	35.1.0
2025-02-18T00:02:52.507759+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	None	35.1.0
2025-02-18T00:02:45.079516+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	35.1.0
2025-02-17T23:33:19.787958+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	None	35.1.0
2025-02-17T23:33:12.795376+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	35.1.0
2025-02-17T22:33:57.581029+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	None	35.1.0
2025-02-17T22:33:57.304005+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	35.1.0
2025-01-17T02:29:29.665687+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	None	35.1.0
2024-11-21T02:31:58.232449+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	35.0.0
2024-11-20T22:59:08.189522+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	35.0.0
2024-11-20T22:37:47.562360+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	35.0.0
2024-11-20T21:59:14.251311+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	35.0.0
2024-11-19T02:15:18.597336+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	34.3.2
2024-11-18T22:45:46.249063+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	34.3.2
2024-11-18T22:29:02.593717+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	34.3.2
2024-11-18T21:56:24.328068+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	34.3.2
2024-10-15T18:09:16.591710+00:00	GithubOSV Importer	Fixing	VCID-vq6d-cmr8-aaah	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gw5j-77f9-v2g2/GHSA-gw5j-77f9-v2g2.json	34.0.2
2024-10-08T02:49:23.812321+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	34.0.2
2024-10-07T23:45:59.851205+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	34.0.2
2024-10-07T23:29:43.986838+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	34.0.2
2024-10-07T22:56:34.271993+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	34.0.2
2024-10-07T16:54:28.485708+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	https://github.com/advisories/GHSA-gw5j-77f9-v2g2	34.0.2
2024-09-23T00:00:15.960016+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	34.0.1
2024-09-22T23:43:46.351067+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	34.0.1
2024-09-22T23:11:56.794684+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	34.0.1
2024-09-18T09:11:58.394967+00:00	GithubOSV Importer	Fixing	VCID-vq6d-cmr8-aaah	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gw5j-77f9-v2g2/GHSA-gw5j-77f9-v2g2.json	34.0.1
2024-09-17T22:37:36.014306+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	34.0.1
2024-09-17T22:01:35.491666+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	https://github.com/advisories/GHSA-gw5j-77f9-v2g2	34.0.1
2024-04-24T05:21:25.265434+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	34.0.0rc4
2024-04-24T05:21:24.688053+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	None	34.0.0rc4
2024-04-24T02:02:58.303131+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	None	34.0.0rc4
2024-04-24T02:02:53.014770+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	34.0.0rc4
2024-04-24T01:45:01.164982+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	None	34.0.0rc4
2024-04-24T01:44:56.261043+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	34.0.0rc4
2024-04-24T01:08:22.443111+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	34.0.0rc4
2024-04-24T01:08:21.214477+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	None	34.0.0rc4
2024-04-23T23:07:20.046338+00:00	GithubOSV Importer	Fixing	VCID-vq6d-cmr8-aaah	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gw5j-77f9-v2g2/GHSA-gw5j-77f9-v2g2.json	34.0.0rc4
2024-04-23T18:03:19.423357+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	https://github.com/advisories/GHSA-gw5j-77f9-v2g2	34.0.0rc4
2024-04-23T18:03:17.924088+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	None	34.0.0rc4
2024-01-10T07:53:08.050126+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	34.0.0rc2
2024-01-10T07:53:07.474456+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	None	34.0.0rc2
2024-01-10T04:35:43.211072+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	None	34.0.0rc2
2024-01-10T04:35:37.996717+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	34.0.0rc2
2024-01-10T04:16:06.248480+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	None	34.0.0rc2
2024-01-10T04:16:01.334648+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	34.0.0rc2
2024-01-10T03:34:41.786161+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	34.0.0rc2
2024-01-10T03:34:40.493042+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	None	34.0.0rc2
2024-01-09T19:59:04.825832+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	https://github.com/advisories/GHSA-gw5j-77f9-v2g2	34.0.0rc2
2024-01-09T19:59:03.221404+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	None	34.0.0rc2
2024-01-04T00:38:15.659132+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	None	34.0.0rc1
2024-01-03T21:22:31.781191+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	None	34.0.0rc1
2024-01-03T21:22:26.405546+00:00	GitLab Importer	Affected by	VCID-zggp-qr1y-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2021-22696.yml	34.0.0rc1
2024-01-03T21:00:12.162644+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	None	34.0.0rc1
2024-01-03T21:00:07.153493+00:00	GitLab Importer	Affected by	VCID-gtfj-ry3n-aaae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2020-13954.yml	34.0.0rc1
2024-01-03T20:10:57.469634+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2017-12624.yml	34.0.0rc1
2024-01-03T20:10:56.165723+00:00	GitLab Importer	Affected by	VCID-jv7g-f1zc-aaas	None	34.0.0rc1
2024-01-03T18:00:30.097687+00:00	GitLab Importer	Fixing	VCID-vq6d-cmr8-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-frontend-jaxrs/CVE-2014-3584.yml	34.0.0rc1
2024-01-03T17:36:25.972059+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	https://github.com/advisories/GHSA-gw5j-77f9-v2g2	34.0.0rc1
2024-01-03T15:27:16.296775+00:00	GHSA Importer	Fixing	VCID-vq6d-cmr8-aaah	None	34.0.0rc1

Next non-vulnerable version	3.3.10
Latest non-vulnerable version	3.4.3
Risk	4.5