01642 06 11 11 Arrange Call

Apache OFBiz 18.12.05 Regular Expression Denial of Service (ReDoS) Vulnerability

CVE-2022-29158 · HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-29158

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

Learn more about our External Network Penetration Testing.