Fixed (as part of [1]) all GraalVM samples:
DK> jaxws_graalvm
DK> jaxws_graalvm_dynamic
DK> jax_rs/graalvm_basic
Also fixed:
DK> jax_rs/description_openapi_v3_spring - classpath? Jackson not found
DK> jax_rs/description_openapi_v3_web - classpath? Jackson not found
DK>
CVE-2022-46364: Apache CXF SSRF Vulnerability
Severity: important
Description:
A SSRF vulnerability in parsing the href attribute of XOP:Include in
MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows
an attacker to perform SSRF style attacks on webservices that take at
least
I finished going through all the samples. This is what’s left:
Problems:
jax_rs/description_openapi_microprofile_spring - spring config or classpath issue
java.lang.ClassNotFoundException:
org.eclipse.microprofile.openapi.models.servers.ServerVariables
Severity: moderate
Description:
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows
an attacker to perform a remote directory listing or code
exfiltration. The vulnerability only applies when the CXFServlet is
configured with both the static-resources-list and
I looked at these 3 corba example failures. The hello-world example has
been fixed and the other two examples still have this failure:
Caused by: org.omg.CORBA.MARSHAL: FINE: 00810007: Underflow in
BufferManagerReadStream after last fragment in message
at jdk.proxy3.$Proxy73.endOfStream