
[GHSA-5wqf-h3r3-gxvh] Uncontrolled Resource Consumption in Apache CXF

Open MarkLee131 opened this issue 1 year ago • 2 comments

Updates

  • Affected products
  • References

Comments

Add a patch https://github.com/apache/cxf/commit/f8ed98e684c1a67a77ae8726db05a04a4978a445, of which the commit message claims "Update StaxInInterceptor to just create a html error message on the client side as the normal error handling works best on server side."

MarkLee131, Mar 03 '24 17:03

Hey @MarkLee131, not sure I follow on this one. Can you elaborate on the connection of this commit to the advisory?

darakian, Mar 04 '24 23:03

Hi bro. Did you notice that the commit msg is the same as the existing patch commit for this CVE? The patch I updated is for v3.0.0, and the current patch is for v2.6 and v2.7.

MarkLee131, Mar 18 '24 13:03

> Hi bro. Did you notice that the commit msg is the same as the existing patch commit for this CVE?

I did not. Thank you for the clarity and please know that I have to deal with a lot of these PRs and I will ask you to be overly clear. That said, this commit for the 3.x branch does not relate to either of the affected products.

darakian, Mar 20 '24 17:03