SSRF and Code Injection Vulnerability in Apache OFBiz (before 18.12.17)

CVE-2024-47208

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 18 November 2024

Summary

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Affected Version(s)

Apache OFBiz < 18.12.17

Timeline

Vulnerability published.
Nov 18, 2024
Vulnerability Reserved.
Sep 21, 2024

Collectors

NVD DatabaseMitre Database

Credit

孙相 (Sun Xiang)