SSRF and Code Injection Vulnerability in Apache OFBiz (before 18.12.17)

CVE-2024-47208

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 18 November 2024

Summary

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.17.

Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Affected Version(s)

Apache OFBiz < 18.12.17

References

https://ofbiz.apache.org/download.html

mitigationproductrelease-notes

https://ofbiz.apache.org/security.html

https://issues.apache.org/jira/browse/OFBIZ-13158

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Sep 21, 2024

Collectors

NVD DatabaseMitre Database

Credit

孙相 (Sun Xiang)

.