List: oss-security
Subject: [oss-security] CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack
From: Nicolas Malin <nmalin () apache ! org>
Date: 2023-12-26 10:17:25
Message-ID: 58d8d5e1-bb9d-afb1-7606-593067da71fb () apache ! org
Severity: important

Affected versions:
- Apache OFBiz through 18.12.10

Description:
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user issues a URI call without authorization.
The same URI can also be used to carry out an SSRF attack, again without authorization.
Users are recommended to upgrade to version 18.12.11, which fixes this issue.

Credit:
Yun Peng - 郭 运鹏 <puata123@outlook.com> (finder)

References:
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.11.html
https://issues.apache.org/jira/browse/OFBIZ-12875
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-50968