Severity: High Vendor: The Apache Software Foundation
Versions Affected: OFBiz versions prior to 17.12.06 Description: Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. Mitigation: Upgrade to at least 17.12.06 or apply the patch at https://github.com/apache/ofbiz-framework/commit/af9ed4e/ Credit: r00t4dm at Cloud-Penetrating Arrow Lab <r00t...@gmail.com> MagicZero from SGLAB of Legendsec at Qi'anxin Group. Longofo at Knownsec 404 Team References: http://ofbiz.apache.org/download.html#vulnerabilities