[ https://issues.apache.org/jira/browse/CAMEL-19891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17767184#comment-17767184 ]
Andrea Cosentino commented on CAMEL-19891:
------------------------------------------

We should upgrade to 3.4.10, while we are at 3.4.8.

> Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022-46363
> ------------------------------------------------------------------------
>
> Key: CAMEL-19891
> URL: https://issues.apache.org/jira/browse/CAMEL-19891
> Project: Camel
> Issue Type: Dependency upgrade
> Components: cxf
> Affects Versions: 3.14.9
> Reporter: Alan Dávila
> Priority: Major
>
> h4. Update Apache CXF versions to mitigate CVE-2022-46364
> _Apache CXF versions prior to 3.4.10 and 3.5.x prior to 3.5.5 are vulnerable
> to SSRF while parsing the `href` attribute of `XOP:Include` in MTOM requests.
> It allows an attacker to perform SSRF style attacks on webservices that take
> at least one parameter of any type._
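
An added example, not part of the Jira issue and not Camel or CXF code: a check that flags `xop:Include` elements whose `href` is not a `cid:` URI, the only scheme the XOP specification allows for that attribute. The function name and both SOAP bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from typing import List

# Namespace of xop:Include as defined by the W3C XOP specification.
XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"


def suspicious_xop_hrefs(soap_xml: str) -> List[str]:
    """Return the href of every xop:Include that is not a cid: reference.

    A legitimate MTOM message points href at a MIME part of the same
    message (cid:...). Any other scheme, or a missing href, is reported.
    ElementTree does not fetch external entities; malformed XML raises
    xml.etree.ElementTree.ParseError so it is not silently passed.
    """
    root = ET.fromstring(soap_xml)
    flagged = []
    for include in root.iter(XOP_INCLUDE):
        href = (include.get("href") or "").strip()
        if not href.lower().startswith("cid:"):
            flagged.append(href)
    return flagged


# Constructed sample: normal MTOM reference to an attachment part.
BENIGN = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><upload><data>
    <xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
                 href="cid:attachment-1@example.org"/>
  </data></upload></soap:Body>
</soap:Envelope>"""

# Constructed sample: href points outside the message (reserved .invalid host).
SUSPECT = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><upload><data>
    <xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
                 href="http://backend.internal.invalid/status"/>
  </data></upload></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, suspicious_xop_hrefs(body))
```

This is a detection aid for request logs or a gateway filter in front of the service; it does not replace the CXF upgrade discussed in the issue.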