CVE-2022-29158

CVE-2022-29158: Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-1333

Published September 2, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

Key dates

Disclosure timeline

September 2, 2022 CVE published

August 3, 2024 Record updated