Posted to dev@ofbiz.apache.org by "jleroux@apache.org" <jl...@apache.org> on 2020/04/30 12:48:40 UTC

[CVE-2019-0235] Apache OFBiz multiple CSRF vulnerabilities

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to CSRF attacks

Mitigation:
Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
----

Credit:
Initially known by the OFBiz security team (OFBIZ-10427),
also reported later by
Man Yue Mo via RT <se...@semmle.com>
Shuibo Ye <sh...@gmail.com>
Vikash Patnaik <vi...@outlook.com>
Sonali Agrahari <so...@gmail.com>
Girish Vasmatkar <gi...@hotwaxsystems.com>
Dinesh Kumar Mohanty <ki...@gmail.com>
Jason Nordenstam <j....@offensive-security.com>
Pradeep Jairamani <pr...@gmail.com>
Faiz Zaidi <fa...@gmail.com>

References:
https://ofbiz.apache.org/security.html