CVE-2024-29736

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.

Published: Jul 19, 2024
Updated: May 4, 2025
CVE: CVE-2024-29736
GHSA: GHSA-5m3j-pxh7-455p
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
org.apache.cxf / cxf-rt-rs-service-description	4.0.0	4.0.5
org.apache.cxf / cxf-rt-rs-service-description	3.6.0	3.6.4
org.apache.cxf / cxf-rt-rs-service-description	-	3.5.9
apache / cxf	4.0.0	4.0.5
apache / cxf	3.6.0	3.6.4
apache / cxf	-	3.5.9

http://www.openwall.com/lists/oss-security/2024/07/18/2
https://github.com/apache/cxf/commit/378afe1acb7503315bc63555c8743db0f55d8312
https://github.com/apache/cxf/commit/bafb0cadf723fc3962031c34f1f20dc0e8b7a36b
https://github.com/apache/cxf/commit/df2241c59481a57aebb1c0693b778a35baaf5570
https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2
https://security.netapp.com/advisory/ntap-20241115-0003/

Vulnerability Database

289,599

CVE-2024-29736