You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Colm O hEigeartaigh <co...@apache.org> on 2021/06/16 09:50:52 UTC

CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows
an attacker to submit malformed JSON to a web service, which results
in the thread getting stuck in an infinite loop, consuming CPU
indefinitely.

This issue affects Apache CXF versions prior to 3.4.4; Apache CXF
versions prior to 3.3.11.

For more information please refer to the CXF security advisories page:
http://cxf.apache.org/security-advisories.html