QwikSec

Security Database

CVE

CWE

Training

CVE-2024-41172

Published: Jul 19, 2024

Modified: Sep 13, 2024

PUBLISHED

Description

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory

Vendor	Product	Versions
Apache Software Foundation	Apache CXF	affected `3.6.0, 4.0.0 - < 3.6.4, 4.0.5`

Weaknesses (CWE)

References

https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.