CVE-2017-12624: Denial of Service attacks
(updated )
This package supports sending and receiving attachments via either the JAX-WS
or JAX-RS
specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS
and JAX-RS
services are vulnerable to this attack.
References
Detect and mitigate CVE-2017-12624 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →