CVE-2021-30468
published 2021-06-16CVE-2021-30468: A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | cxf | < 3.3.11 | 3.3.11 |
| apache | cxf | >= 3.4.0 < 3.4.4 | 3.4.4 |
| apache | tomee | — | — |
| apache_software_foundation | apache_cxf | >= Apache CXF < 3.4.4 | 3.4.4 |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence | — | — |
| oracle | business_intelligence | — | — |
| oracle | communications_element_manager | — | — |
| oracle | communications_messaging_server | — | — |