CVE-2022-29158

HIGH

Apache OFBiz < 18.12.06 - Unauthenticated Regular Expression Denial of Service

Title source: llm
STIX 2.1

Description

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

References (2)

Core 2
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/09/02/5

Scores

CVSS v3 7.5
EPSS 0.0169
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-1333
Status published
Products (1)
apache/ofbiz < 18.12.06
Published Sep 02, 2022
Tracked Since Feb 18, 2026