How severe is CVE-2024-48962?

CVE-2024-48962 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-48962

Name: ofbiz
Author: apache

8.8HIGH

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. Th

发布于: 11/18/2024更新于: 2/11/2025

描述

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

AI分析AI驱动

受影响产品

apacheofbiz

参考资料

https://issues.apache.org/jira/browse/OFBIZ-13162
Issue Tracking
https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6
Mailing List
https://ofbiz.apache.org/download.html
Product
https://ofbiz.apache.org/security.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/11/16/2
Mailing List