oss-sec mailing list archives

[CVE-2021-30128] Unsafe deserialization in OFBiz


From: "jleroux () apache org" <jleroux () apache org>
Date: Tue, 27 Apr 2021 21:00:22 +0200

Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.07

Description:
Apache OFBiz has unsafe deserialization prior to version 17.12.07

Mitigation:
Upgrade to at least 17.12.07
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12212 & OFBIZ-12221

Credit:
Litch1 from the Security Team of Alibaba Cloud <litch1chk () gmail com>

References:
http://ofbiz.apache.org/download.html#vulnerabilities
