Maven/org.apache.cxf:apache-cxf — 7 CVEs

HIGH8.1CVE-2018-8039Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*

>= 3.2.0, < 3.2.5

HIGH7.5CVE-2021-30468Infinite loop in Apache CFX

>= 3.4.0, < 3.4.4

HIGH7.5CVE-2021-22696Authorization service vulnerable to DDos attacks in Apache CFX

>= 3.4.0, < 3.4.3

HIGH7.5Private key leak in Apache CXF

from 0, < 3.2.12

MEDIUM6.5Potential DOS attack due to unrestricted attachment count in messages

from 0, < 3.2.11

MEDIUM6.1Cross-site scripting in Apache CXF

from 0, < 3.3.8

MEDIUM6.1Reflected Cross-Site Scripting in Apache CXF

from 0, < 3.2.12

pkg:Maven/org.apache.cxf:apache-cxf