CVE-2021-30468: Uncontrolled Resource Consumption

June 16, 2021 (updated November 7, 2023)

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely.

References

cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc
nvd.nist.gov/vuln/detail/CVE-2021-30468

Code Behaviors & Features

Detect and mitigate CVE-2021-30468 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →