CVE-2021-22696
maven/org.apache.cxf/cxf
Uncontrolled Resource Consumption
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a request parameter, the spec also supports specifying a URI from which to retrieve a JWT token via the request_uri parameter. CXF was not validating the request_uri parameter (apart from ensuring it uses https) and was making a REST request to the URI supplied in the request to retrieve a token. This means that CXF was vulnerable to DDoS attacks on the authorization server, as specified in section of the spec.
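The mitigation the JAR spec calls for is that an authorization server only dereferences a request_uri that the client has pre-registered, rather than any https URI it is handed. The following is an added example, not CXF's own code: a small validator with a hypothetical per-client registry of allowed request_uri values, keeping the https-only check the vulnerable versions had but no longer relying on it as the only gate. The class name, the registry shape and the sample values are all constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.Set;

// Added example, not CXF code: only dereference request_uri values that are
// pre-registered for the requesting client (the registry itself is assumed).
public class RequestUriValidator {

    // Hypothetical client registry: client_id -> allowed request_uri values.
    private final Map<String, Set<String>> registeredRequestUris;

    public RequestUriValidator(Map<String, Set<String>> registeredRequestUris) {
        this.registeredRequestUris = registeredRequestUris;
    }

    /**
     * Returns the URI the server may fetch, or throws if it must not.
     * The https check alone is what the vulnerable versions did; here it is
     * one of several conditions, and registration is the decisive one.
     */
    public URI validate(String clientId, String requestUriParam) {
        if (clientId == null || requestUriParam == null) {
            throw new IllegalArgumentException("client_id and request_uri are required");
        }
        URI uri;
        try {
            uri = new URI(requestUriParam);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("request_uri is not a valid URI");
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("request_uri must use https");
        }
        if (uri.getFragment() != null) {
            throw new IllegalArgumentException("request_uri must not contain a fragment");
        }
        Set<String> allowed = registeredRequestUris.getOrDefault(clientId, Set.of());
        // Exact string match against registered values: no prefix or host-only
        // matching, so the client cannot steer the server to an unregistered host.
        if (!allowed.contains(uri.toString())) {
            throw new IllegalArgumentException("request_uri is not registered for client " + clientId);
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample registry for demonstration.
        RequestUriValidator v = new RequestUriValidator(Map.of(
            "client-a", Set.of("https://client-a.example/jar/request.jwt")));

        System.out.println("accepted " + v.validate("client-a", "https://client-a.example/jar/request.jwt"));

        String[] rejected = {
            "http://client-a.example/jar/request.jwt",     // not https
            "https://other.example/some/path",             // not registered for this client
            "https://client-a.example/jar/request.jwt#x"   // fragment present
        };
        for (String r : rejected) {
            try {
                v.validate("client-a", r);
                System.out.println("UNEXPECTED: accepted " + r);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + r + ": " + e.getMessage());
            }
        }
    }
}
```

A validator like this belongs in front of whatever HTTP client performs the fetch; independently of it, the fetch itself should carry a connection and read timeout and a cap on the response size, so that even a registered URI cannot tie up the authorization server's resources.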
All versions before 3.3.10, all versions starting from 3.4.0 before 3.4.3
Upgrade to versions 3.3.10, 3.4.3 or above.
2021-04-10