CVE-2022-29158

Summary

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache OFBizApache OFBiz <= 18.12.05affected

Weaknesses

  • CWE-1333: CWE-1333: Inefficient Regular Expression Complexity

ADP Enrichment

CVE Program Container

Additional References

References