
List:       oss-security
Subject:    [oss-security] [CVE-2019-0235 ] Apache OFBiz multiple CSRF vulnerabilities
From:       Jacques Le Roux <jacques.le.roux () les7arts ! com>
Date:       2020-04-30 13:56:06
Message-ID: ea291a31-a9cc-88ed-67ad-8466b1024175 () les7arts ! com


Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to CSRF attacks

Mitigation:
Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
----

Credit:
Initially known by the OFBiz security team (OFBIZ-10427),
also reported later by
Man Yue Mo via RT <security-reports@semmle.com>
Shuibo Ye <shuiboye@gmail.com>
Vikash Patnaik <vikash.patnaik@outlook.com>
Sonali Agrahari <sonaliagrahari8@gmail.com>
Girish Vasmatkar <girish.vasmatkar@hotwaxsystems.com>
Dinesh Kumar Mohanty <kiitkp03@gmail.com>
Jason Nordenstam <j.nordenstam@offensive-security.com>
Pradeep Jairamani <pradeepjairamani22@gmail.com>
Faiz Zaidi <faizzaidi17@gmail.com>

References:
https://ofbiz.apache.org/security.html


