oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[CVE-2020-13923] IDOR in Apache OFBiz

From: Jacques Le Roux <jacques.le.roux () les7arts com>
Date: Wed, 15 Jul 2020 14:52:06 +0200
Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
All versions < 17.12.04

Description:
IDOR vulnerability in the order processing feature from ecommerce component.

Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11836
----

Credit:
Harshit Shukla <harshit.shukz () gmail com>

References:
https://ofbiz.apache.org/security.html
Previous By Date Next
Previous By Thread Next

Current thread: