osv | Google | OSV:GHSA-QMGX-J96G-4428
Mar 15, 2024 - 12:30 p.m.

SSRF vulnerability using the Aegis DataBinding in Apache CXF

2024-03-15 12:30:37
Google
osv.dev
ssrf
apache cxf
aegis databinding
webservices
vulnerability
data binding

AI Score: 7 (Confidence: High)

EPSS: 0.001 (Percentile: 26.4%)

An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
