VDB

CISA-2024-41172

CISA-2024-41172 PUBLISHED CVSS 5.3 MEDIUM

Reported by apache · Published July 19, 2024

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Apache Software FoundationApache CXF3.6.0, 4.0.0
Apache Software FoundationApache CXF3.6.0, 4.0.0, *
apachecxf3.6.0, 4.0.0, 3.6.0

Timeline

  • Jul 19, 2024 CVE Published
  • Sep 13, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›