org.apache.neethi:neethi 3.0.1

Direct Vulnerabilities

Known vulnerabilities in the org.apache.neethi:neethi package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Infinite loop Affected versions of this package are vulnerable to Infinite loop when processing circular policy references. An attacker can cause denial of service by submitting malicious policy documents containing circular references. How to fix Infinite loop? Upgrade `org.apache.neethi:neethi` to version 3.2.2 or higher.	[,3.2.2)
M Server-side Request Forgery (SSRF) Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `PolicyReference` API when fetching remote policy references. An attacker can access internal resources or arbitrary protocols by supplying a crafted URI. How to fix Server-side Request Forgery (SSRF)? Upgrade `org.apache.neethi:neethi` to version 3.2.2 or higher.	[,3.2.2)
H Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the normalization performed by the `AbstractPolicyOperator` class. An attacker can cause unbounded memory allocation and exhaust the JVM heap by submitting malicious WS-Policy documents that trigger exponential expansion when calculating policy alternatives. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `org.apache.neethi:neethi` to version 3.2.2 or higher.	[,3.2.2)

Vulnerability

Vulnerable Version

Infinite loop

Affected versions of this package are vulnerable to Infinite loop when processing circular policy references. An attacker can cause denial of service by submitting malicious policy documents containing circular references.

How to fix Infinite loop?

Upgrade org.apache.neethi:neethi to version 3.2.2 or higher.

[,3.2.2)

Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the PolicyReference API when fetching remote policy references. An attacker can access internal resources or arbitrary protocols by supplying a crafted URI.

How to fix Server-side Request Forgery (SSRF)?

Upgrade org.apache.neethi:neethi to version 3.2.2 or higher.

[,3.2.2)

Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the normalization performed by the AbstractPolicyOperator class. An attacker can cause unbounded memory allocation and exhaust the JVM heap by submitting malicious WS-Policy documents that trigger exponential expansion when calculating policy alternatives.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.apache.neethi:neethi to version 3.2.2 or higher.

[,3.2.2)

org.apache.neethi:neethi@3.0.1

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically