You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2020/07/15 12:51:28 UTC

[CVE-2020-13923] IDOR in Apache OFBiz

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
All versions < 17.12.04

Description:
IDOR vulnerability in the order processing feature from ecommerce component.

Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11836
----

Credit:
Harshit Shukla <ha...@gmail.com>

References:
https://ofbiz.apache.org/security.html