Description
An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.
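As an added example (not code from the advisory or from Apache CXF), the following check flags xop:Include elements whose href is not a cid: reference, which is the only form the XOP specification allows. It assumes the SOAP root part has already been extracted from the MTOM multipart body; the function name, service names and sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace-qualified tag of xop:Include as defined by the W3C XOP specification.
XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"

def suspicious_xop_hrefs(envelope_xml):
    """Return href values of xop:Include elements that are not cid: references.

    XOP requires href to be a cid: URI pointing at a MIME part of the same
    message, so any other scheme (http, https, file, ...) is worth rejecting.
    """
    # SOAP messages must not carry a DTD; refuse it before parsing.
    if "<!doctype" in envelope_xml.lower():
        raise ValueError("DOCTYPE not allowed in SOAP envelope")
    root = ET.fromstring(envelope_xml)
    flagged = []
    for include in root.iter(XOP_INCLUDE):
        href = (include.get("href") or "").strip()
        if not href.lower().startswith("cid:"):
            flagged.append(href)
    return flagged

# Constructed sample envelopes (hypothetical service and operation names).
ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xop="http://www.w3.org/2004/08/xop/include">
  <soap:Body>
    <echo xmlns="urn:example:service">
      <arg0><xop:Include href="{href}"/></arg0>
    </echo>
  </soap:Body>
</soap:Envelope>"""
BENIGN = ENVELOPE.format(href="cid:part1@example.org")
SUSPICIOUS = ENVELOPE.format(href="http://192.0.2.10/status")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, suspicious_xop_hrefs(doc))
```

A check like this can run in a gateway or request filter in front of services that cannot be upgraded immediately, or over captured request bodies when reviewing logs.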
Remediation
References
https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2