Unrated severity · NVD Advisory · Published Sep 2, 2022 · Updated Aug 3, 2024
Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz
CVE-2022-29158
Description
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
Affected products
- Range: Apache OFBiz
References
- www.openwall.com/lists/oss-security/2022/09/02/5 (mitre, mailing-list, x_refsource_MLIST)
- lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928 (mitre, x_refsource_MISC)