Apache OFBiz Product Security Update Advisory

Overview

An update has been released to address vulnerabilities in Apache OFBiz Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-48962, CVE-2024-47208

  • Apache OFBiz versions: all versions before 18.12.17 (18.12.17 itself is not affected)

Resolved Vulnerabilities

Code injection, CSRF, and improper neutralization of special elements in the template engine of Apache OFBiz (CVE-2024-48962)

SSRF and code injection vulnerability in Apache OFBiz (CVE-2024-47208)

Vulnerability Patches

Patches for these vulnerabilities are included in the latest release. Follow the instructions on the Referenced Sites below to update to the patched version.

CVE-2024-48962, CVE-2024-47208

  • Apache OFBiz version: 18.12.17

Referenced Sites

[1] CVE-2024-48962 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-48962

[2] CVE-2024-47208 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-47208

[3] Download Apache OFBiz

https://ofbiz.apache.org/download.html

[4] Security Vulnerabilities

https://ofbiz.apache.org/security.html