{"schema_version": "1.6.1", "id": "CVE-2021-22696", "summary": "OAuth 2 authorization service vulnerable to DDos attacks", "details": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter.\n\nCXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token.\n\nThis means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. \n\nThis issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "unspecified"}, {"fixed": "3.4.3"}]}]}], "references": [{"type": "ADVISORY", "url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc"}]}