Arbitrary file properties reading vulnerability in Apache...
High severity
Unreviewed
Published Dec 26, 2023 to the GitHub Advisory Database • Updated Jan 4, 2024
Published by the National Vulnerability Database: Dec 26, 2023
Description
Apache Software Foundation Apache OFBiz has an arbitrary file properties reading vulnerability that is triggered when a user makes a URI call without authorization.
The same URI can also be used, again without authorization, to carry out an SSRF attack.
Users are recommended to upgrade to version 18.12.11, which fixes this issue.
References