{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "1.4.4"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "47449cbcd5f8526cb506ba45046ea00afc6ca583"
            },
            {
              "fixed": "b6ed9865d0614332fa419fe4b6d0fe81bc2e660d"
            }
          ],
          "repo": "https://github.com/apache/cxf-fediz",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.",
  "id": "CVE-2018-8038",
  "modified": "2026-04-01T23:08:08.500116651Z",
  "published": "2018-07-05T13:29:00.587Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424%40%3Cdev.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.securitytracker.com/id/1041220"
    },
    {
      "type": "ADVISORY",
      "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc"
    },
    {
      "type": "FIX",
      "url": "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}