Injection and CSRF Vulnerability in Apache OFBiz Prior to 18.12.17

CVE-2024-48962

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 18 November 2024

Summary

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.17.

Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Affected Version(s)

Apache OFBiz < 18.12.17

References

https://ofbiz.apache.org/download.html

mitigationrelease-notesproduct

https://ofbiz.apache.org/security.html

patch

https://issues.apache.org/jira/browse/OFBIZ-13162

issue-tracking

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Oct 10, 2024

Collectors

NVD DatabaseMitre Database

Credit

Sebastiano Sartor <[email protected]>

Ryan <[email protected]>