Posted to user@ofbiz.apache.org by "jleroux@apache.org" <jl...@apache.org> on 2021/08/11 16:07:22 UTC

[CVE-2021-37608] Arbitrary file upload vulnerability in OFBiz

Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.08

Description:
Apache OFBiz has unsafe deserialization in versions prior to 17.12.08.

Mitigation:
Upgrade to at least 17.12.08
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297

Credit:
Zhujie from galaxylab <ga...@sina.com>

References:
http://ofbiz.apache.org/download.html#vulnerabilities