How severe is CVE-2024-48962?

CVE-2024-48962 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-48962

Name: ofbiz
Author: apache

8.8HIGH

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. Th

Publicado: 11/18/2024Atualizado: 2/11/2025

Descrição

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Análise IADesenvolvido por IA

Produtos Afetados

apacheofbiz

Referências

https://issues.apache.org/jira/browse/OFBIZ-13162
Issue Tracking
https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6
Mailing List
https://ofbiz.apache.org/download.html
Product
https://ofbiz.apache.org/security.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/16/2
Mailing List