List:       oss-security
Subject:    [oss-security] [CVE-2021-30128] Unsafe deserialization in OFBiz
From:       "jleroux () apache ! org" <jleroux () apache ! org>
Date:       2021-04-27 19:00:22
Message-ID: b484727f-90d2-1a27-4bb2-c5e2b1579df6 () apache ! org

Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.07

Description:
Apache OFBiz versions prior to 17.12.07 perform unsafe deserialization.

Mitigation:
Upgrade to at least 17.12.07
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12212 & OFBIZ-12221

Credit:
Litch1 from the Security Team of Alibaba Cloud <litch1chk@gmail.com>

References:
http://ofbiz.apache.org/download.html#vulnerabilities
