4 matches found
ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), com.argusoft:medplat_core (>=0.0.1 <=0.0.8) +412 more potentially affected by CVE-2017-5653 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.0.12)
org.apache.cxf:cxf-core (MAVEN); versions: =3.0.0-milestone1, =1.0.0, =0.0.1, =3.0.1, =3.1.2, =0.0.1, =0.6, =0.1.0, =0.1.0, =1.1.0 and more; source CVEs: CVE-2017-5653; source advisory: OSV:GHSA-HGG6-8X62-M9GF...
CVE-2017-5653
It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encryption, where it does not enforce the message to be signed/encrypted. This could allow an attacker to subvert the integrity of the message...
CVE-2017-5653
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers...
CVE-2017-5653
CVE-2017-5653 affects Apache CXF JAX-RS XML Security streaming clients. The root cause is that these clients do not validate that the service response was signed or encrypted, enabling remote attackers to spoof servers. Affected: CXF versions prior to 3.1.11 and 3.0.13. Impact (per public records...