How severe is CVE-2024-48962?

CVE-2024-48962 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-48962

Name: ofbiz
Author: apache

8.8HIGH

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. Th

Published: 11/18/2024Updated: 2/11/2025

Description

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

AI AnalysisPowered by AI

Affected Products

apacheofbiz

References

https://issues.apache.org/jira/browse/OFBIZ-13162
Issue Tracking
https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6
Mailing List
https://ofbiz.apache.org/download.html
Product
https://ofbiz.apache.org/security.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/16/2
Mailing List