exploitDog

CVE-2022-29158

Опубликовано: 02 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

Ссылки

http://www.openwall.com/lists/oss-security/2022/09/02/5
Mailing List
Patch
Third Party Advisory
https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928
Mailing List
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/09/02/5
Mailing List
Patch
Third Party Advisory
https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928
Mailing List
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

Версия до 18.12.06 (исключая)

EPSS

Процентиль: 63%

0.00454

Низкий

7.5 High

CVSS3

Дефекты

CWE-1333

CWE-1333

Связанные уязвимости

GHSA-7hxq-2vp3-4xmj

CVSS3: 7.5

github

больше 3 лет назад

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

EPSS

Процентиль: 63%

0.00454

Низкий

7.5 High

CVSS3

Дефекты

CWE-1333

CWE-1333