CVE-2024-47208

CVE-2024-47208: Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-918 · SSRF

Published November 18, 2024

Last update November 19, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

Key dates

Disclosure timeline

November 18, 2024 CVE published

November 19, 2024 Record updated