org.apache.neethi:neethi
Maven · 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.neethi:neethi
- CVE-2026-42402 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.2.2 · 2026-05-01
vulnerable: 2.0 ... 3.2.1 (14 versions)
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization p…
- CVE-2026-42403 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 3.2.2 · 2026-05-01
vulnerable: 2.0 ... 3.2.1 (14 versions)
Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization proces…
- CVE-2026-42404 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 3.2.2 · 2026-05-01
vulnerable: 2.0 ... 3.2.1 (14 versions)
Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound reques…