CVE-2022-29158

Published: Sep 2, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

Affected (1)

Products: Apache: Ofbiz

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Ofbiz	Before 18.12.06

Related CWEs

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References (4)

http://www.openwall.com/lists/oss-security/2022/09/02/5

Source: security@apache.org

Mailing ListPatchThird Party Advisory

https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928

Source: security@apache.org

Mailing ListPatchVendor Advisory

http://www.openwall.com/lists/oss-security/2022/09/02/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

Timeline

No history available yet.