
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN324
_____________________________________________________________________

DATE                : 16/06/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache CXF versions prior to 3.4.4,
                     3.3.11.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202106.mbox/%3cCAB8XdGBkduLkVaxCyRqfJ3ty3jqZ+_xoojvH7ckvxzesOMxqqw@mail.gmail.com%3e
_____________________________________________________________________

CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing
JSON via JsonMapObjectReaderWriter


A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows
an attacker to submit malformed JSON to a web service, which results
in the thread getting stuck in an infinite loop, consuming CPU
indefinitely.

This issue affects Apache CXF versions prior to 3.4.4; Apache CXF
versions prior to 3.3.11.
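
The two thresholds apply per release line, so a single "less than" comparison misclassifies 3.4.0 to 3.4.3. The following check is an added example, not part of the original advisory or of Apache CXF: it flags `org.apache.cxf` artifacts in a `mvn dependency:list`-style listing. The sample listing is constructed, and treating release lines older than 3.3 as affected is an assumption drawn from the "prior to 3.3.11" wording.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release line.
FIXED = {(3, 4): (3, 4, 4), (3, 3): (3, 3, 11)}

# groupId:artifactId:type:version:scope, the line format of `mvn dependency:list`.
DEP_RE = re.compile(r"org\.apache\.cxf:([\w.-]+):[\w-]+:([\w.-]+):\w+")

# Constructed sample listing (not taken from a real project).
SAMPLE = """\
[INFO]    org.apache.cxf:cxf-core:jar:3.4.3:compile
[INFO]    org.apache.cxf:cxf-rt-frontend-jaxrs:jar:3.3.11:compile
[INFO]    org.apache.cxf:cxf-rt-transports-http:jar:3.2.14:compile
[INFO]    org.apache.cxf:cxf-rt-rs-client:jar:3.4.4-SNAPSHOT:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.12.3:compile
"""


def is_affected(version):
    """True/False for plain x.y.z versions, None when manual review is needed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        return None  # qualifier such as -SNAPSHOT: cannot tell if the fix is in
    v = tuple(int(p) for p in m.groups())
    line = v[:2]
    if line in FIXED:
        return v < FIXED[line]
    # Assumption: lines older than 3.3 have no fixed release, newer lines are fixed.
    return line < min(FIXED)


def scan(listing):
    """Return (artifact, version, status) for every CXF artifact not known to be fixed."""
    findings = []
    for artifact, version in DEP_RE.findall(listing):
        status = is_affected(version)
        if status is not False:
            label = "unknown" if status is None else "affected"
            findings.append((artifact, version, label))
    return findings


if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{status:8} org.apache.cxf:{artifact}:{version}")
```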

For more information please refer to the CXF security advisories page:
http://cxf.apache.org/security-advisories.html



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


