Lucene search
GitHub Advisory DatabaseGHSA-QMGX-J96G-4428HistoryMar 15, 2024 - 12:30 p.m.
SSRF vulnerability using the Aegis DataBinding in Apache CXF
2024-03-1512:30:37
CWE-918
GitHub Advisory Database
github.com
27
ssrf
aegis databinding
apache cxf
versions 4.0.4
3.6.3
3.5.8
webservices
data bindings
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
Affected configurations
Node
org.apache.cxf\cxfMatchcore
ORorg.apache.cxf\cxfMatchcore
ORorg.apache.cxf\cxfMatchcore
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.cxf:cxf-core | lt | 4.0.4 | |
| org.apache.cxf:cxf-core | lt | 3.6.3 | |
| org.apache.cxf:cxf-core | lt | 3.5.8 |
Related
ibm
ibm
cvelist
cvelist
CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding
2024-03-15 10:27:30
nvd
nvd
CVE-2024-28752
2024-03-15 11:15:09
cve
cve
CVE-2024-28752
2024-03-15 11:15:09
veracode
veracode
Server-Side Request Forgery (SSRF)
2024-03-18 08:35:48
osv
osv
SSRF vulnerability using the Aegis DataBinding in Apache CXF
2024-03-15 12:30:37
nessus
nessus
cgr
cgr
CVE-2024-28752 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-28752
2024-03-21 15:31:52
wolfi
wolfi
CVE-2024-28752 vulnerabilities
2024-06-22 09:08:24
