Apache CXF 3.6.x < 3.6.4, 4.0.x < 4.0.5 DoS

In versions of Apache CXF before 3.6.4 and 4.0.5 3.5.x and lower versions are not impacted, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out o...

CVE-2024-41172

A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory...

GHSA-4MGG-FQFQ-64HG Apache CXF allows unrestricted memory consumption in CXF HTTP clients

In versions of Apache CXF before 3.6.4 and 4.0.5 3.5.x and lower versions are not impacted, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out o...

PT-2024-5101 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions 3.6.3 and earlier, 4.0.4 and earlier Description: The issue is related to a memory leak in the Apache CXF HTTP client conduit, which can prevent HTTPClient instances from being garbage collected. This can cause memory...