Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to cross-site request forgery (CSRF) attacks.

Mitigation:
Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
----

Credit:
Initially known by the OFBiz security team (OFBIZ-10427),
also reported later by
Man Yue Mo via RT <security-repo...@semmle.com>
Shuibo Ye <shuib...@gmail.com>
Vikash Patnaik <vikash.patn...@outlook.com>
Sonali Agrahari <sonaliagraha...@gmail.com>
Girish Vasmatkar <girish.vasmat...@hotwaxsystems.com>
Dinesh Kumar Mohanty <kiitk...@gmail.com>
Jason Nordenstam <j.nordens...@offensive-security.com>
Pradeep Jairamani <pradeepjairaman...@gmail.com>
Faiz Zaidi <faizzaid...@gmail.com>

References:
https://ofbiz.apache.org/security.html
