DoS (Denial of Service) org.apache.cxf:cxf-rt-rs-security-jose Dependency in Bitbucket Data Center and Server
This High severity org.apache.cxf:cxf-rt-rs-security-jose Dependency vulnerability was introduced in versions 8.9.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server. This org.apache.cxf:cxf-rt-rs-security-jose Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2024-32007
An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. Mitigation: Mitigation for this issue is either not available or the...
CVE-2024-32007
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...
CVE-2024-32007
CVE-2024-32007 affects Apache CXF: improper input validation of the p2c parameter in JOSE code can allow a denial-of-service via a token with a large p2c. Affected branches include CXF 4.0.x (before 4.0.5) and older 3.6.x/3.5.x lines (3.6.4, 3.5.9). Mitigation is to upgrade to a fixed release (i....