org.apache.cxf:cxf-bundle@3.0.0-milestone2 vulnerabilities
- latest version: 2.7.18
- latest non vulnerable version
- first published: 16 years ago
- latest version published: 8 years ago
- licenses detected
  - [2.0.6,)
- package manager

Direct Vulnerabilities
Known vulnerabilities in the org.apache.cxf:cxf-bundle package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
org.apache.cxf:cxf-bundle is a services framework that helps you build and develop services using frontend programming APIs. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploits a feature which is typically not present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable. How to fix Cross-site Scripting (XSS)? There is no fixed version for | [3.0.0-milestone2,) |