VulnerableCode Package Details - pkg:maven/org.apache.cxf/cxf-rt-transports-http@4.0.2

Search for packages

Package details: pkg:maven/org.apache.cxf/cxf-rt-transports-http@4.0.2

Essentials
History (2)

purl	pkg:maven/org.apache.cxf/cxf-rt-transports-http@4.0.2

Next non-vulnerable version	4.0.5
Latest non-vulnerable version	4.0.5
Risk	3.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-xj9j-j7ke-aaas Aliases: CVE-2024-41172 GHSA-4mgg-fqfq-64hg	Apache CXF allows unrestricted memory consumption in CXF HTTP clients In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory	4.0.5 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-10-07T22:19:16.351151+00:00	GHSA Importer	Affected by	VCID-xj9j-j7ke-aaas	https://github.com/advisories/GHSA-4mgg-fqfq-64hg	34.0.2
2024-09-22T22:45:21.882941+00:00	GHSA Importer	Affected by	VCID-xj9j-j7ke-aaas	https://github.com/advisories/GHSA-4mgg-fqfq-64hg	34.0.1