Alan Dávila created CAMEL-19891:
-----------------------------------
Summary: Update Apache CXF versions to mitigate CVE-2022-46364 and
CVE-2022-46363
Key: CAMEL-19891
URL: https://issues.apache.org/jira/browse/CAMEL-19891
Project: Camel
Issue Type: Dependency upgrade
Components: cxf
Affects Versions: 3.14.9
Reporter: Alan Dávila
h4.
Update Apache CXF versions to mitigate CVE-2022-46364
_Apache CXF versions prior to 3.4.10 and 3.5.x prior to 3.5.5 is vulnerable to
SSRF while parsing the `href` attribute of `XOP:Include` in MTOM requests. It
allows an attacker to perform SSRF style attacks on webservices that take at
least one parameter of any type._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
