CVE-2024-45507

CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-918 · SSRF

Published September 4, 2024

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

Key dates

Disclosure timeline

September 4, 2024 CVE published

September 13, 2024 Record updated