Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-4mgg-fqfq-64hg

GitHub Security Advisory

Apache CXF allows unrestricted memory consumption in CXF HTTP clients

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory

Affected Packages

Maven org.apache.cxf:cxf-rt-transports-http
Affected versions: 4.0.0 (fixed in 4.0.5)
Maven org.apache.cxf:cxf-rt-transports-http
Affected versions: 3.6.0 (fixed in 3.6.4)

Related CVEs

CVE-2024-41172

Key Information

GHSA ID
GHSA-4mgg-fqfq-64hg
Published
July 19, 2024 9:32 AM
Last Modified
November 18, 2024 4:26 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.apache.cxf:cxf-rt-transports-http
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.