oss-sec mailing list archives
[CVE-2019-12425] Apache OFBiz Host Header Injection
From: Jacques Le Roux <jacques.le.roux () les7arts com>
Date: Thu, 30 Apr 2020 14:11:22 +0200

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: OFBiz 17.12.01

Description: Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts

Mitigation: Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583

----

Credit: Pradeep Jairamani <pradeepjairamani22 () gmail com>

References: https://ofbiz.apache.org/security.html