Vulnerability Monitor

CVE-2022-29158


Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599


Published

2022-09-02T07:15:07.630

Last Modified

2024-11-21T06:58:36.370

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-1333
  • Type: Primary
    CWE-1333

Affected Vendors & Products
Type         Vendor  Product  Version/Range  Vulnerable?
Application  apache  ofbiz    < 18.12.06     Yes
