CVE-2024-48962
8.8HIGHImproper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. Th
게시됨: 11/18/2024업데이트됨: 2/11/2025
설명
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.
AI 분석AI 기반
영향받는 제품
apacheofbiz
참조
- https://issues.apache.org/jira/browse/OFBIZ-13162Issue Tracking
- https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6Mailing List
- https://ofbiz.apache.org/download.htmlProduct
- https://ofbiz.apache.org/security.htmlVendor Advisory
- http://www.openwall.com/lists/oss-security/2024/11/16/2Mailing List