CVE-2024-32007

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-32007

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32007.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-32007

Aliases

GHSA-6pff-fmh2-4mmf

Published

2024-07-19T09:15:04.713Z

Modified

2026-03-14T14:54:21.593791Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.

References

Affected packages

Git / github.com/apache/cxf

Affected ranges

Type

GIT

Repo

https://github.com/apache/cxf

Events

Introduced

Fixed

8c68c138ce0b7f5c1945e744f7cf5067a8298374

Introduced

4cf375c5436f3e806293a73a5bb6a8510f7ac961

Fixed

6b27aec74e5329b60e84ff2478c854bf2acf3db5

Introduced

02310e95fe74c0c031f540f3284e4a9bd856ced2

Fixed

630d7368e073d379227d48ff4797c23377dc5ebf

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.5.9"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.4"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.5"
        }
    ]
}

Affected versions

cxf-3.*

cxf-3.6.0

cxf-3.6.1

cxf-3.6.2

cxf-3.6.3

cxf-4.*

cxf-4.0.0

cxf-4.0.1

cxf-4.0.2

cxf-4.0.3

cxf-4.0.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32007.json"