Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2022/09/02/5 | Mailing List Patch Third Party Advisory |
https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928 | Mailing List Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2022-09-02T07:10:20
Updated: 2022-09-02T11:06:12
Reserved: 2022-04-13T00:00:00
Link: CVE-2022-29158
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-02T07:15:07.630
Modified: 2023-07-21T16:38:21.637
Link: CVE-2022-29158
JSON object: View
Redhat Information
No data.
CWE