-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (CVE-2021-30468)

PRODUCT AFFECTED:

This issue affects Apache CXF.

PROBLEM:

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an
attacker to submit malformed JSON to a web service, which results in the thread
getting stuck in an infinite loop, consuming CPU indefinitely.

This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions
prior to 3.3.11.

This issue has been assigned CVE-2021-30468.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE20Xs0ZuXUU9ycQWuZ7+AsQrVOYMFAmDJwpQACgkQZ7+AsQrV
OYMsSwgAsYUMH9tHgKEKK9TG74ejNZQ/nKDw6P5lw9X3IgEi7oDXPoZuvJjaTWVn
EKcACu7jFoolhjPtuXjO7ZFXzm0huzqXJwJSx6H+y1HAcDKZAkCnKn9S2omF0wzf
IQJnw4foABDCQyV63BiYiGTKpN6kWNqb2E3TLE8ZfjTllhvDXZIojLbdxLhWdMCh
neKW1MgLDoeObjIde3K28NyH+6Y2MBJAnEJ/duZ7T/igRqUn+i/MyV1q2eVe3JbX
mo+sKDrnxmo09IuzcRafEd/mIJOw4KokcaWNFUswOMtRCLetw7Q0XIGyNjcIHsjW
LaETfe3x7ctxTPQwAlMqF2jREXJRHA==
=wnm/
-----END PGP SIGNATURE-----