Date: Wed, 16 Jun 2021 10:49:44 +0100
From: Colm O hEigeartaigh <coheigea@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing
 JSON via JsonMapObjectReaderWriter

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows
an attacker to submit malformed JSON to a web service, which results
in the thread getting stuck in an infinite loop, consuming CPU
indefinitely.

This issue affects Apache CXF versions prior to 3.4.4; Apache CXF
versions prior to 3.3.11.

For more information please refer to the CXF security advisories page:
http://cxf.apache.org/security-advisories.html
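
A version check for the affected ranges above, as an added example that is not part of the advisory or of Apache CXF. It assumes the two ranges are per release branch (3.4.x before 3.4.4, and everything before 3.3.11) and that jars follow the Maven naming convention `cxf-<module>-<version>.jar`; the file names in the sample list are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(3, 4): (3, 4, 4), (3, 3): (3, 3, 11)}

# Assumption: jars are named cxf-<module>-<version>.jar (Maven convention).
JAR_RE = re.compile(r"^cxf-[\w-]+?-(\d+\.\d+\.\d+)[\w.-]*\.jar$")


def parse_version(text):
    """Return the leading numeric major.minor.patch of a version string."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True if the version falls in a range the advisory lists as affected."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # Assumption: branches older than 3.3 have no fixed release listed and
    # count as affected; branches newer than 3.4 are outside both ranges.
    return v < (3, 3, 0)


def scan(jar_names):
    """Return (jar name, version) pairs for CXF jars in an affected range."""
    hits = []
    for name in jar_names:
        m = JAR_RE.match(name)
        if m and is_affected(m.group(1)):
            hits.append((name, m.group(1)))
    return hits


if __name__ == "__main__":
    # Constructed sample, e.g. the contents of a WEB-INF/lib directory.
    sample = [
        "cxf-core-3.4.3.jar",
        "cxf-rt-rs-json-basic-3.4.4.jar",
        "cxf-rt-frontend-jaxrs-3.3.10.jar",
        "cxf-core-3.2.14.jar",
        "commons-io-2.8.0.jar",
    ]
    for name, version in scan(sample):
        print(f"AFFECTED by CVE-2021-30468: {name} ({version})")
```

Qualified builds such as `-SNAPSHOT` are compared on their numeric part only, so a snapshot of a fixed version needs a manual check.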
