oss-sec mailing list archives
Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)
From: Jacques Le Roux <jleroux () apache org>
Date: Thu, 8 Sep 2022 15:53:26 +0200
Severity: High Vendor: The Apache Software Foundation Versions Affected: OFBiz versions prior to 18.12.06 Description: The Birt viewer version 4.5.0 has a security issue that allows this exploit. We waited long for https://github.com/eclipse/birt/issues/625 to resolve but eventually decided to release OFBiz 18.12.06 without the Birt component Mitigation: Upgrade to at least 18.12.06 Credit: Positive Technologies References: http://ofbiz.apache.org/download.html#vulnerabilities
Current thread:
- Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux (Sep 02)
- Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux (Sep 03)
- <Possible follow-ups>
- Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) Jacques Le Roux (Sep 08)