CVE-2024-29736
- Source
- https://cve.org/CVERecord?id=CVE-2024-29736
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29736.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-29736
- Aliases
- Published
- 2024-07-19T09:15:04.003Z
- Modified
- 2026-04-10T05:12:13.759234Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
- References
Affected packages
Git / github.com/apache/cxf
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/cxf
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "3.5.9" }, { "introduced": "3.6.0" }, { "fixed": "3.6.4" }, { "introduced": "4.0.0" }, { "fixed": "4.0.5" } ] }
Affected versions
cxf-2.*
cxf-2.1
cxf-2.1.2
cxf-2.2
cxf-2.2.1
cxf-2.2.2
cxf-2.3.0
cxf-2.4.0
cxf-2.5.0
cxf-2.5.1
cxf-2.6.0
cxf-2.6.1
cxf-2.7.0
cxf-2.7.1
cxf-2.7.2
cxf-3.*
cxf-3.0.0
cxf-3.0.0-milestone2
cxf-3.1.0
cxf-3.1.1
cxf-3.1.2
cxf-3.1.3
cxf-3.1.4
cxf-3.2.0
cxf-3.2.1
cxf-3.2.2
cxf-3.2.3
cxf-3.2.4
cxf-3.2.5
cxf-3.3.0
cxf-3.3.1
cxf-3.3.2
cxf-3.3.3
cxf-3.4.0
cxf-3.4.1
cxf-3.5.0
cxf-3.5.1
cxf-3.5.2
cxf-3.5.3
cxf-3.5.4
cxf-3.5.5
cxf-3.5.6
cxf-3.5.7
cxf-3.5.8
cxf-3.6.0
cxf-3.6.1
cxf-3.6.2
cxf-3.6.3
cxf-4.*
cxf-4.0.0
cxf-4.0.1
cxf-4.0.2
cxf-4.0.3
cxf-4.0.4