{"schema_version": "1.6.1", "id": "CVE-2021-30468", "summary": "Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter", "details": "A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely.  \n\nThis issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "Apache CXF"}, {"fixed": "3.4.4"}]}]}], "references": [{"type": "ADVISORY", "url": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc"}]}