CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
References
- github.com/advisories/GHSA-6pff-fmh2-4mmf
- github.com/apache/cxf
- github.com/apache/cxf/commit/20793d3fed2e73e2785a58ec5b47403306ae4a5c
- github.com/apache/cxf/commit/2d2baa3455db7439bf1ed4e00edfc5a7106edf7d
- github.com/apache/cxf/commit/d1d77c34c199c2c87ebcfe23e3c81dccfe2e2473
- lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
- nvd.nist.gov/vuln/detail/CVE-2024-32007
Code Behaviors & Features
Detect and mitigate CVE-2024-32007 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →