Posted to announce@apache.org by "jleroux@apache.org" <jl...@apache.org> on 2020/07/15 13:08:19 UTC
[CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without
authentication
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.03
Description:
Apache OFBiz XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues.
Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716
----
Credit:
Alvaro Munoz from GitHub Security Lab team <pw...@github.com>
References:
https://ofbiz.apache.org/security.html