CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
27.0%
An improper input validation of theΒ p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9Β allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
Vendor | Product | Version | CPE |
---|---|---|---|
org.apache.cxf | cxf-rt-rs-security-jose | * | cpe:2.3:a:org.apache.cxf:cxf-rt-rs-security-jose:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-6pff-fmh2-4mmf
github.com/apache/cxf/commit/20793d3fed2e73e2785a58ec5b47403306ae4a5c
github.com/apache/cxf/commit/2d2baa3455db7439bf1ed4e00edfc5a7106edf7d
github.com/apache/cxf/commit/d1d77c34c199c2c87ebcfe23e3c81dccfe2e2473
lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
nvd.nist.gov/vuln/detail/CVE-2024-32007