CVE-2013-2160: Uncontrolled Resource Consumption

August 19, 2013 (updated October 30, 2013)

The streaming XML parser in Apache CXF allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

References

cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160

Code Behaviors & Features

Detect and mitigate CVE-2013-2160 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →