CVE-2022-46364

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-46364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46364
Aliases
Downstream
Published
2022-12-13T17:15:17.587Z
Modified
2026-02-05T21:43:21.915722Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 

References

Affected packages

Git / github.com/apache/cxf

Affected ranges

Type
GIT
Repo
https://github.com/apache/cxf
Events
Fixed
c1cb4f5ffa1ec63e577644659c5957a3c1e94255
Introduced
f93a0cea91c19c41338d96899a69bb66c463e9ff
Fixed
dc4477f563acddc522018d9ef817304096b57a70

Affected versions

cxf-3.*
cxf-3.5.0
cxf-3.5.1
cxf-3.5.2
cxf-3.5.3
cxf-3.5.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46364.json"