Injection and CSRF Vulnerability in Apache OFBiz Prior to 18.12.17

CVE-2024-48962

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 18 November 2024

Summary

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Affected Version(s)

Apache OFBiz < 18.12.17

Timeline

Vulnerability published.
Nov 18, 2024
Vulnerability Reserved.
Oct 10, 2024

Collectors

NVD DatabaseMitre Database

Credit

Sebastiano Sartor <[email protected]>

Ryan <[email protected]>