Injection and CSRF Vulnerability in Apache OFBiz Prior to 18.12.17
CVE-2024-48962

Currently unrated

Key Information:

Vendor
Apache
Vendor
CVE Published:
18 November 2024

Summary

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.17.

Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Affected Version(s)

Apache OFBiz 0 < 18.12.17

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sebastiano Sartor <[email protected]>
.