How severe is CVE-2024-48962?

CVE-2024-48962 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-48962

Name: ofbiz
Author: apache

8.8HIGH

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. Th

公開日: 11/18/2024更新日: 2/11/2025

説明

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

AI分析AIによる分析

影響を受ける製品

apacheofbiz

参照

https://issues.apache.org/jira/browse/OFBIZ-13162
Issue Tracking
https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6
Mailing List
https://ofbiz.apache.org/download.html
Product
https://ofbiz.apache.org/security.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/16/2
Mailing List