SSRF and Code Injection Vulnerability in Apache OFBiz (before 18.12.17)
CVE-2024-47208

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 18 November 2024

🔔 Create Apache Vulnerability Alert

What is CVE-2024-47208?

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.17.

Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Affected Version(s)

Apache OFBiz 0 < 18.12.17

References

https://ofbiz.apache.org/download.html

mitigationproductrelease-notes

https://ofbiz.apache.org/security.html

https://issues.apache.org/jira/browse/OFBIZ-13158

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Sep 21, 2024

Credit

孙相 (Sun Xiang)

.

CVE-2024-47208 : SSRF and Code Injection Vulnerability in Apache OFBiz (before 18.12.17)