Description
An SSRF vulnerability in the parsing of the href attribute of XOP:Include in MTOM requests in Apache CXF versions before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.
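A detection-side check for the pattern described above, as an added example that is not from Apache CXF or its advisory: it scans the SOAP root part of an MTOM request and flags any XOP Include whose href is not a `cid:` reference, the only form the XOP specification allows. The function name and both sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace-qualified tag of the XOP Include element (W3C XOP namespace).
XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"


def suspicious_xop_hrefs(soap_xml: str) -> list[str]:
    """Return every xop:Include href that is not a cid: reference.

    In a well-formed MTOM message, href points at another MIME part of the
    same request via a cid: URI. Any other scheme (or a missing href) asks
    the server to look somewhere else and should be rejected or alerted on.
    """
    # ElementTree does not fetch external entities; for untrusted input in
    # production, a hardened parser such as defusedxml is preferable.
    root = ET.fromstring(soap_xml)
    flagged = []
    for include in root.iter(XOP_INCLUDE):
        href = include.get("href") or ""
        # URI schemes are case-insensitive; no leading whitespace is tolerated.
        if not href.lower().startswith("cid:"):
            flagged.append(href)
    return flagged


# Constructed sample: href refers to an attachment inside the same request.
BENIGN = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <upload xmlns="urn:example:constructed">
      <data><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
                         href="cid:part1@example.org"/></data>
    </upload>
  </soap:Body>
</soap:Envelope>"""

# Constructed sample: href uses a network scheme instead of cid:.
SUSPECT = BENIGN.replace("cid:part1@example.org",
                         "http://internal.invalid/status")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, suspicious_xop_hrefs(doc))
```

The same test can run in a gateway or WAF rule in front of services that cannot be upgraded immediately; it inspects only the XML root part, not the MIME attachments.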
Remediation
References
https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2