oss-sec mailing list archives
[CVE-2019-0235 ] Apache OFBiz multiple CSRF vulnerabilities
From: Jacques Le Roux <jacques.le.roux () les7arts com>
Date: Thu, 30 Apr 2020 15:56:06 +0200
Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: OFBiz 17.12.01

Description: Apache OFBiz is vulnerable to CSRF attacks

Mitigation: Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470

----

Credit: Initially known by the OFBiz security team (OFBIZ-10427), also reported later by
Man Yue Mo via RT <security-reports () semmle com>
Shuibo Ye <shuiboye () gmail com>
Vikash Patnaik <vikash.patnaik () outlook com>
Sonali Agrahari <sonaliagrahari8 () gmail com>
Girish Vasmatkar <girish.vasmatkar () hotwaxsystems com>
Dinesh Kumar Mohanty <kiitkp03 () gmail com>
Jason Nordenstam <j.nordenstam () offensive-security com>
Pradeep Jairamani <pradeepjairamani22 () gmail com>
Faiz Zaidi <faizzaidi17 () gmail com>

References: https://ofbiz.apache.org/security.html