Description
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
Remediation
References
https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
Related Vulnerabilities
CVE-2023-28709 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-30535 Vulnerability in maven package net.snowflake:snowflake-jdbc
CVE-2023-44487 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2022-45378 Vulnerability in maven package soap:soap
CVE-2020-2293 Vulnerability in maven package org.jenkins-ci.plugins:persona