CVE-2024-29736

CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter

Vendor Apache Software Foundation

Product Apache CXF

Weakness CWE-918 · SSRF

Published July 19, 2024

Last update November 15, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.

Key dates

Disclosure timeline

July 19, 2024 CVE published

November 15, 2024 Record updated