Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.16.

Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.8763}

epss

{'score': 0.88096}


Thu, 05 Sep 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache ofbiz
CPEs cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache ofbiz
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 04 Sep 2024 17:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Wed, 04 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
References

Wed, 04 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Title Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
Weaknesses CWE-918
CWE-94
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-09-13T03:55:20.597Z

Reserved: 2024-09-01T14:10:41.649Z

Link: CVE-2024-45507

cve-icon Vulnrichment

Updated: 2024-09-04T09:03:02.164Z

cve-icon NVD

Status : Modified

Published: 2024-09-04T09:15:04.520

Modified: 2024-11-21T09:37:52.333

Link: CVE-2024-45507

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.