CVE-2024-28752

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-28752

CGA ID

CGA-58x7-92cj-h7fv

Severity

Unknown

Summary

SSRF vulnerability using the Aegis DataBinding in Apache CXF

Description

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

References

https://images.chainguard.dev/security/CGA-58x7-92cj-h7fv
https://github.com/advisories/GHSA-qmgx-j96g-4428
https://nvd.nist.gov/vuln/detail/CVE-2024-28752
https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt
https://github.com/apache/cxf
https://security.netapp.com/advisory/ntap-20240517-0001
http://www.openwall.com/lists/oss-security/2024/03/14/3

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-28752

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources