oss-sec mailing list archives
CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability
From: Deepak Dixit <deepak () apache org>
Date: Tue, 26 Dec 2023 12:02:12 +0000
Severity: critical

Affected versions:

- Apache OFBiz before 18.12.11

Description:

The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)

This issue is being tracked as OFBIZ-12873

Credit:

- Hasib Vhora, Senior Threat Researcher, SonicWall (finder)
- Gao Tian (finder)
- L0ne1y (finder)

References:

- https://ofbiz.apache.org/download.html
- https://ofbiz.apache.org/security.html
- https://ofbiz.apache.org/release-notes-18.12.11.html
- https://issues.apache.org/jira/browse/OFBIZ-12873
- https://ofbiz.apache.org/
- https://www.cve.org/CVERecord?id=CVE-2023-51467
- https://issues.apache.org/jira/browse/OFBIZ-12873