/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-28752

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-28752

CGA ID

CGA-58x7-92cj-h7fv

Severity

Unknown

Summary

SSRF vulnerability using the Aegis DataBinding in Apache CXF

Description

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs