| -----BEGIN PGP SIGNED MESSAGE----- |
| Hash: SHA512 |
| |
| Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (CVE-2021-30468) |
| |
| PRODUCT AFFECTED: |
| |
| This issue affects Apache CXF. |
| |
| PROBLEM: |
| |
| A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an |
| attacker to submit malformed JSON to a web service, which results in the thread |
| getting stuck in an infinite loop, consuming CPU indefinitely. |
| |
| This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions |
| prior to 3.3.11. |
| |
| This issue has been assigned CVE-2021-30468. |
| -----BEGIN PGP SIGNATURE----- |
| |
| iQEzBAEBCgAdFiEE20Xs0ZuXUU9ycQWuZ7+AsQrVOYMFAmDJwpQACgkQZ7+AsQrV |
| OYMsSwgAsYUMH9tHgKEKK9TG74ejNZQ/nKDw6P5lw9X3IgEi7oDXPoZuvJjaTWVn |
| EKcACu7jFoolhjPtuXjO7ZFXzm0huzqXJwJSx6H+y1HAcDKZAkCnKn9S2omF0wzf |
| IQJnw4foABDCQyV63BiYiGTKpN6kWNqb2E3TLE8ZfjTllhvDXZIojLbdxLhWdMCh |
| neKW1MgLDoeObjIde3K28NyH+6Y2MBJAnEJ/duZ7T/igRqUn+i/MyV1q2eVe3JbX |
| mo+sKDrnxmo09IuzcRafEd/mIJOw4KokcaWNFUswOMtRCLetw7Q0XIGyNjcIHsjW |
| LaETfe3x7ctxTPQwAlMqF2jREXJRHA== |
| =wnm/ |
| -----END PGP SIGNATURE----- |