[ https://issues.apache.org/jira/browse/OFBIZ-11948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487088#comment-17487088 ]
ASF subversion and git services commented on OFBIZ-11948:
---------------------------------------------------------

Commit 9967d30caaad38b324455f367d692ef9429c1116 in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9967d30 ]

Improved: Remote Code Execution (File Upload) Vulnerability
(OFBIZ-11948)

Previous commit added one checkstyle issue to the already 39 still existing in R18, not a big deal.
This just allows checkstyle to pass (maxErrors from 38514 to 38515)

> Remote Code Execution (File Upload) Vulnerability
> -------------------------------------------------
>
> Key: OFBIZ-11948
> URL: https://issues.apache.org/jira/browse/OFBIZ-11948
> Project: OFBiz
> Issue Type: Sub-task
> Components: product/catalog
> Affects Versions: Trunk, 17.12.04, 18.12.01
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 17.12.05, 18.12.01
>
>
> Harshit Shukla harshit.sh...@gmail.com reported this RCE vulnerability to the
> OFBiz security team, and we thank him for that.
> I'll later quote here his email message when the vulnerability will be fixed.
> It's a post-auth vulnerability so we did not ask for a CVE.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)